
H.I.G. Capital and Thoma Bravo to Acquire CompTIA Brand and Products


SAN FRANCISCO, MIAMI, and DOWNERS GROVE, Ill., Nov. 4, 2024 /PRNewswire/ -- H.I.G. Capital ("H.I.G.") and Thoma Bravo are pleased to announce the signing of a definitive agreement to acquire the brand and world-leading information technology (IT) certification and training business and products of the Computing Technology Industry Association ("CompTIA").


CompTIA is a global leader in IT certifications and trainings, focused on promoting industry growth and skills development across the $5 trillion global IT ecosystem and its 38 million professionals. It provides comprehensive education, training, certifications, and market research, across areas including cybersecurity, emerging technologies, networking, cloud computing, and technical support. As the largest vendor-neutral credentialing program for technology workers, CompTIA has awarded over 3.5 million globally recognized certifications to professionals across the full range of technology companies. It also maintains a strong global partner program with thousands of academic institutions, non-profits, job corps centers, and other organizations, focused on developing and certifying the next generation of technology talent. Following the closing of the transaction, CompTIA will operate as a for-profit company under H.I.G. and Thoma Bravo's ownership. Its existing membership-based, 501(c)(6) nonprofit organization will be separated from CompTIA and continue its mission of service to the IT industry.


"We are thrilled to be joining forces with two leading, experienced investors in the technology space, whose expertise and resources will allow us to expand our impact on the global IT industry," said Todd Thibodeaux, President and CEO at CompTIA. "Through this transaction, we will be well-positioned to accelerate and expand the rollout of products and services to train the highly skilled workers of the future, and further strengthen our reputation across the industry as the leading provider of certifications and trainings."


"The Association's Board of Directors is very excited to be working with H.I.G. Capital and Thoma Bravo in this transformational process for the Association and also for the CompTIA business," said Tracy Pound, Chair of CompTIA's Board.

"This transaction will allow the Association to chart an expanded course of service to the global IT industry while making a substantial new commitment to charitable impact," added Scott Barlow, Vice Chair of CompTIA's Board.

"We are delighted to partner with Todd and the rest of the CompTIA team," said Matthew Robinson, Managing Director at H.I.G. "We look forward to embarking together with management on CompTIA's next phase of growth as a business fully dedicated to advancing the careers of IT professionals globally."

"Global education is continually evolving to become more skills-based, and CompTIA is powering that shift with partnerships spanning academic institutions, private enterprises, government entities, and training delivery partners," said Matt Hankins, Managing Director at H.I.G. "CompTIA's educational training content and certifications are enabling people across the world to gain entry and advancement in the IT space to unlock personal earning potential."

"The technology landscape is evolving quickly, and it is more important than ever that IT professionals have the skills needed to solve not only today's challenges, but also those expected to emerge in the future," said A.J. Rohde, Senior Partner at Thoma Bravo. "We view our investment in CompTIA as an important opportunity to capitalize on this growing need while investing in the development of the industry as a whole."

"CompTIA is a trusted name in IT, with significant partnerships across sectors and industries," said George Jaber, Principal at Thoma Bravo. "We look forward to working with CompTIA to invest in further developing its suite of industry-leading training and certification products, creating the next generation of resources that the industry needs while upholding CompTIA's global reputation."

The transaction is expected to close in early 2025 and is subject to customary regulatory approval.

Macquarie Capital, Ropes & Gray LLP, and Polsinelli LLP are serving as advisors to H.I.G. and Thoma Bravo. J.P. Morgan Securities LLC is serving as exclusive financial advisor to CompTIA and Husch Blackwell LLP is serving as legal advisor.

About CompTIA

The Computing Technology Industry Association (CompTIA) is the world's leading information technology (IT) certification and training body. CompTIA is a mission-driven organization committed to unlocking the potential of every student, career changer or professional seeking to begin or advance in a technology career. Millions of current and aspiring technology workers around the world rely on CompTIA for the training, education and professional certifications that give them the confidence and skills to work in tech. For more information, visit comptia.org.

About H.I.G. Capital

H.I.G. Capital is a leading global alternative investment firm with $65 billion of capital under management.* Based in Miami, and with offices in Atlanta, Boston, Chicago, Los Angeles, New York, and San Francisco in the United States, as well as international affiliate offices in Hamburg, London, Luxembourg, Madrid, Milan, Paris, Bogotá, Rio de Janeiro, São Paulo, Dubai, and Hong Kong, H.I.G. specializes in providing both debt and equity capital to middle market companies, utilizing a flexible and operationally focused/value-added approach:

  • H.I.G.'s equity funds invest in management buyouts, recapitalizations, and corporate carve-outs of both profitable as well as underperforming manufacturing and service businesses.
  • H.I.G.'s debt funds invest in senior, unitranche, and junior debt financing to companies across the size spectrum, both on a primary (direct origination) basis, as well as in the secondary markets. H.I.G. also manages a publicly traded BDC, WhiteHorse Finance.
  • H.I.G.'s real estate funds invest in value-added properties, which can benefit from improved asset management practices.
  • H.I.G. Infrastructure focuses on making value-add and core plus investments in the infrastructure sector.

Since its founding in 1993, H.I.G. has invested in and managed more than 400 companies worldwide. The Firm's current portfolio includes more than 100 companies with combined sales in excess of $53 billion. For more information, please refer to the H.I.G. website at hig.com.

*Based on total capital raised by H.I.G. Capital and affiliates.

About Thoma Bravo

Thoma Bravo is one of the largest software-focused investors in the world, with approximately $160 billion in assets under management as of June 30, 2024. Through its private equity, growth equity and credit strategies, the firm invests in growth-oriented, innovative companies operating in the software and technology sectors. Leveraging Thoma Bravo's deep sector knowledge and strategic and operational expertise, the firm collaborates with its portfolio companies to implement operating best practices and drive growth initiatives. Over the past 20+ years, the firm has acquired or invested in more than 490 companies representing approximately US$265 billion in enterprise value (including control and non-control investments). The firm has offices in Chicago, London, Miami, New York and San Francisco. For more information, visit thomabravo.com.

Seeking CIN Interest in Supporting Underserviced Communities

Hello CIN Community!

I'm reaching out to connect with fellow instructors who share a passion for making a difference in underserved communities, particularly those at Historically Black Colleges and Universities (HBCUs). As members of the CIN, we have a unique opportunity to collectively empower those communities with the skills and certifications needed to excel in cybersecurity and IT.

I'm currently working on an initiative to develop and support cyber range and training programs for local HBCUs in Baltimore, MD. The long-term goal is to scale these programs across all 100+ HBCUs. The goal is to create immersive, hands-on experiences that span foundational IT skills to advanced cybersecurity certifications, leveraging CompTIA's courseware and certifications as a central part of the curriculum.

If you're interested in contributing to this vision or if you know of any similar programs in the space, I'd love to hear from you. Specifically, I'm looking to:
  • Identify CompTIA Instructors interested in partnering on or mentoring for these programs
  • Gather insights from those who may already be involved in similar initiatives
  • Source any existing resources, best practices, or ideas that would help make this program impactful and sustainable
Together, we can help bridge the IT and cybersecurity skills gap and open new doors for talented students in these communities. Please reach out here or via a direct message ([email protected]) if you're interested or have resources to share. In the meantime, I will be scouring the forums for ideas and similar discussions.

Looking forward to collaborating,

Brandon Royal, MSCy, CSIE, GSTRT, CISSP

CE Maintenance Fees

So, I am really confused about maintenance fees. My understanding is we only pay for the most expensive cert and even then... Not sure how this works when you have multiple at the same level. I am also unsure when it starts. Looking at Continuing education, I have a lot of certifications, and I am confused about whether I need to pay anything this year.

I also see that most of my certs this year have not been sent to fulfillment. I think this is the paper certification.

Anyway... I'm hoping I have a budget left over at work, and I can pay some of these, but I'm really confused as to what I should pay.

It looks like I partially paid Cloud+, and since it is listed in the professional series, is that the only one I need to care about?

Here is a transcript if you want to help me

Videos for NET+ CM Perform labs

Hi All,
I would have sworn they discussed having example videos for the various labs in Net+ 009 CM Perform. I can't find them for the trees - so to speak.
Can someone point me in the right direction?

Also, are there any explanations or videos for the few PBQs in the CM Perform final?

I'm trying NOT to reinvent the wheel if they are already somewhere I'm overlooking.

Thanks in advance CINners,
Amy

CompTIA EMEA Partner Conference

I’m thrilled to have been part of this incredible CompTIA EMEA partner conference as a speaker! The energy was amazing, and I had the chance to meet some truly inspiring people. This experience has left me more motivated than ever. Can’t wait to step back onto that big stage next year!

Great job 👏🏽 @Stephen Schneiter


Instructor Lab Access

Hello,
I am an instructor at a CompTIA Corporate Partner. Is there a way that instructors can get free access to labs? While I can create my own environment when teaching, it takes time to build, and since I don't have access to the student labs, it becomes difficult to support my students when they are stuck. It doesn't make sense for the organization to buy me a lab every time I am delivering a class.

Unable to access CertMaster Labs

Hello,

I am wondering if anyone is facing the same issue? CertMaster Labs is not accessible. We have tried to access the lab using different accounts using the office internet, and also from the home internet. The link to the instructor guides is working though.


Certmaster Network+ N10-009 missing content

I have only recently started going through the material for Certmaster N10-009, and already I am getting the feeling that this course may be lacking content that may be useful to students. Just in the first section where it discusses topologies, it does not cover ring and bus topologies, which even though those topologies are relatively old and unused, I feel like they should still be included in the material. On top of that, one of the practice questions uses a logical topology as one of its answers, which was not covered at all. Is this a consistent theme throughout the course, or am I just off to a bad start? Let me know what you think of the new Certmaster Network+ N10-009.

Creating Engaging In-Classroom Labs for Demonstration

Fellow Instructors,

I’m curious about how you approach developing and delivering classroom labs, especially when there’s a need to differentiate from the provided CertMaster Labs or similar online lab environments. As we know, hands-on labs are essential for reinforcing concepts and giving students practical experience, but I want to explore ways to avoid redundancy while keeping the content engaging and effective.

Here are some points to consider:

Preferred Lab Environment:
- Do you tend to use physical hardware setups, or do you prefer virtual machines and simulations? In Cisco instruction, for example, Packet Tracer allows us to demonstrate network configurations without needing physical equipment, but what’s your go-to?

Guidebooks or Resources:
- Are there specific guidebooks, manuals, or resources you rely on for inspiration when designing in-classroom labs? I find that instructor guides provided by some vendors can be helpful, but I’m always looking for more diverse options that can complement the CertMaster Labs.

Unique Lab Scenarios:
- How do you ensure the lab scenarios you create are unique and add value beyond what’s covered in CertMaster or other vendor-provided labs? For instance, do you design scenario-based labs that connect multiple topics together, or do you prefer to break down complex tasks into smaller, focused demos?

Balancing Physical and Virtual Components:
- How do you strike the right balance between using physical hardware versus virtual environments like Packet Tracer or VMware? I find that while virtual environments are convenient, physical hardware can sometimes provide a more tactile learning experience. What has worked best for you and your students?

Please feel free to share your strategies, experiences, and any tips for creating in-class labs that are engaging, challenging, and complementary to the existing CertMaster content.

Looking forward to hearing your thoughts!

Prof. Jason C. Rochon, CISSP

Difference between Certmaster Learn and Perform.

Hello everyone. I'm teaching the Network+ N10-009 course. I want to ensure that my students have the most effective tools to use for the training. I've purchased the bundle for other courses in the past: CompTIA A+, Learn, Practice Labs and Voucher. I hear that Perform is a new tool that has other features that may replace Certmaster Learn.

In your estimation, should I stick with the original bundle of Certmaster Learn, Practice, Labs and Voucher or purchase Perform, Practice and Voucher. Again, this is for Network+ N10-009.

Lastly, I want to confirm that when I purchase either of these bundles, there's an instructor or organization access key and student access key for all products. I need to make this purchase immediately.

With Appreciation,

Bobbie

The differences between Data+, DataSys+, and DataX (according to ChatGPT)

The three CompTIA certifications you mentioned—Data+, DataSys+, and DataX—cater to different levels of expertise and specializations within the data and IT fields:
  1. CompTIA Data+: This is an entry-level certification aimed at individuals who want to start their careers in data analysis. It covers foundational skills such as data mining, visualization, governance, and statistical analysis. It's ideal for those seeking roles like data analysts or business analysts, as it focuses on using data to generate actionable insights and reports. Data+ is a good starting point for those new to the field, with about 18-24 months of relevant experience being recommended.

  2. CompTIA DataSys+: This is a more advanced certification focused on data systems management. It covers topics such as database architecture, cloud integration, and data security. DataSys+ is geared towards professionals responsible for managing and securing data storage and processing systems. It's suitable for roles like database administrators, data architects, and IT security specialists, as it requires deeper expertise in managing data infrastructures.

  3. CompTIA DataX: This is an expert-level certification for professionals with at least five years of experience in data science or related fields. DataX is part of the Xpert series and covers advanced concepts in mathematics, machine learning, and specialized data science applications. It targets seasoned professionals who want to validate their expertise in high-level data science operations. This certification is designed to demonstrate a comprehensive understanding of critical data science tools and concepts and is ideal for advanced roles such as data scientists.


In summary, Data+ is for foundational data skills, DataSys+ is for managing data systems, and DataX is for expert-level data science skills.

How Load Balancing Works in Cloud Environments

Cloud load balancers distribute traffic across multiple virtual machines (VMs), containers, or servers within the cloud infrastructure. Here are some specific ways cloud load balancing can be deployed:

1. Cloud-Based Load Balancers:

  • Elastic Load Balancer (ELB) in AWS
  • Azure Load Balancer in Microsoft Azure
  • Google Cloud Load Balancing in Google Cloud
  • These services automatically distribute incoming traffic across multiple instances in multiple regions or zones.

2. Global Load Balancing:

  • In cloud environments, load balancers can distribute traffic across multiple data centers or regions. This ensures global availability and low-latency access for users based on their geographic location.

3. Auto-Scaling Integration:

  • Cloud-based load balancers often work hand-in-hand with auto-scaling. As traffic increases, the cloud environment automatically spins up new instances, and the load balancer evenly distributes traffic among these instances.

4. Multi-Cloud and Hybrid Cloud Load Balancing:

  • Some organizations use load balancers that work across multiple cloud environments (multi-cloud) or between on-premises and cloud (hybrid cloud), ensuring seamless traffic distribution across different platforms.

Advantages of Cloud Load Balancers:

  • Scalability: As demand grows, load balancing in the cloud enables you to scale out (add more resources) without manually configuring the infrastructure.
  • Flexibility: Cloud load balancers can handle a variety of traffic types (HTTP, HTTPS, TCP, etc.) and can work at both Layer 4 (transport) and Layer 7 (application) levels.
  • Cost-Efficiency: Instead of investing in expensive physical load balancers, cloud load balancers are billed on a pay-as-you-go basis, making them more cost-effective.
  • Resilience: They offer automatic failover and redundancy across regions or availability zones, enhancing fault tolerance.
  • Security: Cloud providers often integrate security features like SSL offloading, DDoS protection, and traffic filtering at the load balancer level.

Common Cloud Load Balancing Use Cases:

  • Web Applications: Ensure smooth performance by distributing traffic across multiple cloud instances.
  • Microservices: Manage and balance traffic between various containers or services.
  • Global Traffic Management: Serve content from the nearest location to reduce latency for users worldwide.

Cloud Load Balancing Services by Major Providers:

  • AWS Elastic Load Balancing (ELB): Offers Application Load Balancer (Layer 7), Network Load Balancer (Layer 4), and Gateway Load Balancer.
  • Azure Load Balancer: Supports both internal and public load balancing and integrates with Azure's global regions.
  • Google Cloud Load Balancer: Offers regional and global load balancing, with features like SSL offloading and content-based routing.

Conclusion:

Load balancing is essential in cloud environments for achieving high performance, redundancy, and scalability. Cloud providers make it easy to deploy and manage load balancers, allowing businesses to handle varying traffic demands efficiently while ensuring service reliability across regions or zones.

Clarification Needed on SSL/TLS Certificate Verification Process

Hello everyone,

I hope you’re all doing well! I wanted to share a recent teaching experience related to SSL/TLS certificate verification and seek your insights on a particular point of confusion that came up in class.

During a session on secure communications, I had my students test the SSL/TLS configuration of a web server using OpenSSL. We used the following command to retrieve and display the certificate details:

openssl s_client -connect 192.168.100.30:443 -showcerts

This command successfully connected to the server and displayed the server’s certificate chain. However, one student asked about the process of verifying whether the certificate is valid and trusted, particularly regarding the role of Certificate Authorities (CAs).

To clarify, I explained that the verification process involves checking several factors, including:
  1. Whether the certificate is signed by a trusted CA.
  2. The certificate’s expiration date.
  3. The certificate's revocation status, often checked through OCSP (Online Certificate Status Protocol).

However, I realized I could provide more depth on how to perform these checks effectively. For example, we can check the certificate expiration date using:

openssl x509 -in certificate.crt -noout -dates

I’d love to hear your suggestions on the following:
  1. How can I effectively demonstrate the entire SSL/TLS verification process in class, including checking the certificate’s revocation status?
  2. Are there any additional tools or techniques you recommend for teaching about certificate verification and the role of CAs in ensuring secure communications?

Thank you for your insights!
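
The three checks listed in the post above, run offline against a throwaway CA, as an added example that is not part of the original post. It checks revocation with a CRL instead of OCSP so that no responder is needed, and shows the same certificate failing once it is revoked. Assumptions: the openssl command-line tool is installed; the CA names, host names and file names are constructed for the lab.

```shell
#!/bin/sh
# Added classroom example, not part of the original post. The CA, host names
# and file names are all constructed; nothing here contacts a real server.
LAB=$(mktemp -d)

# Minimal OpenSSL config: a CA extension profile plus the database settings
# that "openssl ca" needs in order to track revocations and sign a CRL.
cat > "$LAB/lab.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = lab
[lab]
database = $LAB/index.txt
default_md = sha256
default_crl_days = 7
EOF
: > "$LAB/index.txt"

make_ca() {          # $1 = file prefix, $2 = common name
    openssl req -x509 -config "$LAB/lab.cnf" -newkey rsa:2048 -nodes \
        -keyout "$LAB/$1.key" -out "$LAB/$1.crt" -subj "/CN=$2" -days 30 2>/dev/null
}

issue_leaf() {       # $1 = file prefix, $2 = common name, $3 = lifetime in days
    openssl req -new -config "$LAB/lab.cnf" -newkey rsa:2048 -nodes \
        -keyout "$LAB/$1.key" -out "$LAB/$1.csr" -subj "/CN=$2" 2>/dev/null &&
    openssl x509 -req -in "$LAB/$1.csr" -CA "$LAB/ca.crt" -CAkey "$LAB/ca.key" \
        -CAserial "$LAB/ca.srl" -CAcreateserial -days "$3" -out "$LAB/$1.crt" 2>/dev/null
}

publish_crl() {      # sign a fresh CRL from the CA's revocation database
    openssl ca -config "$LAB/lab.cnf" -gencrl -keyfile "$LAB/ca.key" \
        -cert "$LAB/ca.crt" -out "$LAB/ca.crl" 2>/dev/null
}

revoke() {           # $1 = certificate to revoke; republishes the CRL afterwards
    openssl ca -config "$LAB/lab.cnf" -keyfile "$LAB/ca.key" -cert "$LAB/ca.crt" \
        -revoke "$1" 2>/dev/null && publish_crl
}

# Check 1: does the certificate chain to a CA we trust?
check_chain() {      # $1 = trusted CA file, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 2: will the certificate still be valid $2 days from now?
check_validity() {   # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Check 3: is the certificate absent from the CA's current CRL?
check_revocation() { # $1 = certificate
    openssl verify -CAfile "$LAB/ca.crt" -CRLfile "$LAB/ca.crl" -crl_check "$1" \
        >/dev/null 2>&1
}

report() {           # $1 = certificate; prints one line per check
    check_chain "$LAB/ca.crt" "$1" && echo "chain: trusted"   || echo "chain: NOT trusted"
    check_validity "$1" 30         && echo "expiry: >30 days" || echo "expiry: within 30 days"
    check_revocation "$1"          && echo "revocation: good" || echo "revocation: REVOKED"
}

make_ca ca "Lab Root CA"             # the CA the class trusts
make_ca other "Unrelated CA"         # a CA that did not sign the leaf
issue_leaf www "www.lab.example" 10  # short-lived server certificate
publish_crl
report "$LAB/www.crt"                # before revocation
revoke "$LAB/www.crt"
report "$LAB/www.crt"                # after revocation
```

The lab files stay in the temporary directory so students can inspect ca.crl with openssl crl -noout -text afterwards.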

Tips: "on controls to mitigate attacks and software vulnerabilities" If You Come Across... Verify For...

1. Cross-Site Scripting (XSS)

  • If you come across: User input fields (like comments or search bars)
    • Verify for:
      • Reflected XSS: Injecting scripts in the input to see if they are executed in the user's browser.
      • Persistent XSS: Checking if scripts are stored on the server and reflected back to users.
    • Prevention: Implement input validation, output encoding, and Content Security Policy (CSP).

2. Overflow Vulnerabilities

  • If you come across: User input or data handling that may exceed allocated memory
    • Verify for:
      • Buffer Overflow: Sending oversized inputs to trigger memory corruption.
      • Integer Overflow: Providing inputs that exceed maximum integer values.
      • Heap Overflow: Manipulating dynamic memory allocation to corrupt memory.
      • Stack Overflow: Causing the call stack to exceed its limit.
    • Prevention: Use safe coding practices, input validation, and memory management techniques.

3. Data Poisoning

  • If you come across: User-modifiable data inputs
    • Verify for: Manipulating data to affect the application's behavior or outcomes.
    • Prevention: Validate inputs and implement strong data integrity checks.

4. Broken Access Control

  • If you come across: User permissions or roles within the application
    • Verify for: Accessing restricted resources or functions without proper authorization.
    • Prevention: Enforce strict role-based access control (RBAC) and regularly audit access permissions.

5. Cryptographic Failures

  • If you come across: Data stored or transmitted securely (e.g., passwords, personal data)
    • Verify for: Weak encryption algorithms or improper key management.
    • Prevention: Use strong encryption protocols and ensure proper key storage and lifecycle management.

6. Injection Flaws

  • If you come across: Input fields that interact with databases or APIs
    • Verify for:
      • SQL Injection: Manipulating SQL queries through input fields.
      • Command Injection: Executing arbitrary commands on the server.
    • Prevention: Use parameterized queries, prepared statements, and input validation.

7. Cross-Site Request Forgery (CSRF)

  • If you come across: Forms that perform state-changing actions
    • Verify for: Unauthenticated requests being accepted by the application.
    • Prevention: Implement anti-CSRF tokens and validate the origin of requests.

8. Directory Traversal

  • If you come across: File upload or retrieval functions
    • Verify for: Accessing restricted directories using path traversal techniques.
    • Prevention: Validate and sanitize file paths and restrict access to sensitive directories.

9. Insecure Design

  • If you come across: Flaws in the application's architecture
    • Verify for: Design weaknesses that expose the application to various attacks.
    • Prevention: Follow secure design principles and perform threat modeling.

10. Security Misconfiguration

  • If you come across: Default settings in applications or services
    • Verify for: Misconfigured security settings or unused features being enabled.
    • Prevention: Regularly review and harden security configurations, and conduct security audits.

11. End-of-Life or Outdated Components

  • If you come across: Use of libraries or software that are no longer supported
    • Verify for: Known vulnerabilities associated with outdated components.
    • Prevention: Regularly update and patch software components and replace end-of-life software.

12. Identification and Authentication Failures

  • If you come across: Login or authentication mechanisms
    • Verify for: Weak password policies, account enumeration, or failure to implement multi-factor authentication.
    • Prevention: Enforce strong password policies and implement multi-factor authentication.

13. Server-Side Request Forgery (SSRF)

  • If you come across: Applications making backend requests based on user input
    • Verify for: Manipulating requests to access internal services.
    • Prevention: Validate and sanitize user inputs, and restrict server-side requests.

14. Remote Code Execution (RCE)

  • If you come across: User inputs that are executed by the server
    • Verify for: Ability to execute arbitrary code on the server.
    • Prevention: Validate all inputs and use language features to limit code execution.

15. Privilege Escalation

  • If you come across: Role or permissions settings
    • Verify for: Users gaining unauthorized access to higher privilege levels.
    • Prevention: Implement the principle of least privilege and regularly review user roles.

16. Local File Inclusion (LFI) / Remote File Inclusion (RFI)

  • If you come across: File inclusion functionalities
    • Verify for: Ability to include local or remote files that could compromise the application.
    • Prevention: Validate and sanitize file paths and restrict the inclusion of sensitive files.

SHARE WITH US YOUR TIPS
