Search results

Here is a funny but true story. When TAXII was being developed, everyone still used HTTP for transport. A bunch of folks got together and started working out how to create a secure data transport protocol for XML over HTTP. When they were finished and people started looking at their final...

My answer is a little different than that of others. I trained folks who worked for telecommunications companies and had jobs on equipment that had been phased out. I ran classes that met 2 hours per day over three weeks (30 hours total). My time of day preference is 10 AM-noon (avoids late...

Great query. I advise my rookie students (0-3 years actual experience) against seeking those higher level certifications that assume or require years of experience and instead suggest that they dig in on foundational learning. I find students who frequently start at Sec+ and then complain they...

The new revision of Cloud+ goes there, but I was disappointed that there wasn't a more direct comparison of public versus private clouds versus data centers. A number of well-known companies have retreated from using the cloud and gone back to their own data centers, and the rationale for that...

My family and I gather around a tree full of ornaments and mementos and watch all the Die Hard movies. #WhatIsYourFavoriteChristmasMovie?

This is just for CIN access. CIN authentication will stand-alone event for the duration of the construction.

Great question, Professor Chandler! CVEs are covered in Security+, CySA+, and CASP+/SecurityX. CWEs are not explicitly covered in CySA+, but I always include them in my presentation of CVEs and CVSS, being super careful to point out that they are not in the exam objectives. CWEs are essential...

Thanks for the post and the poll, Greg! I started out my career earning a B.S. in Computer Science in 5.5 years. I worked as a programmer for about five years before moving to networking and management. Ten years into networking, I faced a dilemma: I had my CCIE and a bunch of cybersecurity...

I just found out that I passed the CASP+ / SecurityX beta. How did I find out? Not via email. I logged into the CompTIA test portal and, from the test taker dashboard, went to exam history. It shows pass or fail, as the CASP+ exam never had a score.

The stories I could tell about the 1980s and 90s Novell Certified Netware Instructor (CNI) program! If you were a CNI, you had a 'batting average' based on the surveys that students completed at the end of a class. Those students always completed those surveys because if they didn't, they...

I agree with Rick. I stopped looking at the Dark Web and now just allocate that time to looking at Instagram and X. Yet another sewer.

Privilege escalation attacks. #1.

Great question Tess. I think Professor Chandler is trying to highlight how much confidence in vendor implementations and trust profiles. If you don't use a VPN from a Win PC on a trusted network to the Internet versus using a VPN from that same Win PC from a local coffee shop to the Internet...

I disagree with your opinion about choice of OS. Each OS can implement different protocols and solutions differently. That's where I think Professor Chandler was going. By using a VPN all the time you add another layer of protection to your data. So, if you are using, say, MS Teams or...

Isn't GIAC part of or a spin off of SANS?

I heard this too but truth be told I was standing next to Rick at the time.

No. Just moving to characters on the left side of the keyboard. :)

I'm thinking that they'll drop the + and move to the ~ or the #. Better for lefties.

Yeah. Look what it did to OpenAI. It was a not-for-profit and everyone was happy. And then... Those folks are now just scraping along. Currently valued at only 157 billion?

In Reddit terms, I'd say you're NTA. That forum is (unfortunately) full of people looking for a shortcut. In my opinion, you are exactly right when you point at the exam objectives and how the topics are weighted and say, 'Look, there it is!'. Your B is looking for you to disclose something...