Thursday, April 30, 2020

The Do’s and Don’ts for Accessing the Deep and Dark Webs

ID Agent Senior Threat Analyst Duncan Miller took us on a tour of the deep and dark webs and explained what they are, why cybersecurity pros might want to browse them and how to find them. He also provided some do’s and don’ts for those ready to venture.

“I don't discourage people from going on the dark web, but do not do it on your work computer,” he said. “I go on every day as part of my job, and one time I forgot to go through the proper channels and our virtual private network (VPN) flipped out.”

He explained that the deep web is public internet content that has not been indexed while the dark web is an area of the internet that you can only access through special protocols.

On Coffee Break with CompTIA Councils, Chris Phillips, director of CompTIA's Industry Advisory Councils, and Ryan Walsh, chief channel officer at Pax8 and co-chair of the CompTIA Channel Advisory Board, run down a top 10 list of things to avoid when creating a channel plan. “In today’s environment, in particular if you’re dealing with small and medium-sized businesses that don’t have in-house IT—how to set it up, how to configure it, what policy to put in place, that would keep someone from going to an online marketplace. So, lesson learned, if you’re going into the channel assuming that customers buy direct that is a falsehood that we experienced.”

There are various reasons – some legitimate and some unsavory – that people visit the dark web. Among the legitimate reasons that Miller noted are reporters wanting to encrypt communication with their sources and threat analysts looking for credentials, personally identifiable information and other data related to their organization.


Wednesday, April 29, 2020

ChannelCon Technology Vendor Fair

ChannelCon attendees, don’t forget to check out all the latest products and services at the Technology Vendor Fair—and you won’t want to miss these booths that are offering some great raffle prizes. Remember, you have to be in it to win it!
Avast Business (Sony PlayStation 4)
Compliancy Group (Airpods)
D&H Distributing (MakeBlock Modular Programmable Drone)
Ecessa Corporation ($100 gift cards)
Egnyte (One Nintendo NES each day. Must be present to win)
enSilo (Parrot drone)
HelloSpoke (Oculus Quest all-in-one VR gaming system)
Identity Maestro (SodaStream Sparkling Water Maker Bundle, with CO2, glass bottles, and fruit drops flavors)
Manuel Palachuk International (Choice of new branded t-shirts for “The Zen of Coaching” and “Agile Service Delivery,” or a copy of the book “Getting to the Next Level.”)
Overwatch by High Wire Networks ($100 Amazon gift card)
Probax (Amazon Echo Dot speaker)
ServiceTree (Akubra Hat)
Skout Cybersecurity (Xiaomi Mi Electric Scooter)
SmartSource (3 winners of a $150 Amazon gift card)
Smith.ai Virtual Receptionists & Web Chat (Win one of 3 $100 account credits to Smith.ai, good for virtual receptionist and/or live website chat service, staffed by their U.S.-based professional receptionists)
SUSE (SUSE branded YETI Rambler 20 oz. mug)
Unitrends MSP ($100 Digital Amazon Gift Card to be emailed directly to the winner post event)
VisibilityOne (Three $125 Amazon gift cards. One winner each day of the conference)
Set Clear Expectations

Outsiders coming into tech can often approach the industry with what they’ve heard, and not what they’ve experienced, including unrealistic attitudes about free-form schedules and skyrocketing salaries. “We need to ensure kids understand specifically what it is that they need to do and not to be looking at the pie in the sky ideas,” Woods said. “We need to start with the educational piece to let them know what they need to do.”

Doyle agreed. “Show them what your company culture is. ‘This is how we work, and this is how you’re rewarded.’”


Tuesday, April 28, 2020

Digital Transformation Branding

Sometimes, sifting through the think-pieces, reviews and white papers about the latest and greatest tech can feel like running through a gauntlet of opinions intermixed with facts. What tech should I adopt? What discussions should I follow? How can I sort out the helpful from the hype? A good lesson to keep in mind about technology development and adoption is that what is popular will not necessarily be good—for your company, your brand or your customer experience.

On the other hand, Sobel notes that while technology is bringing about many positive changes, the ethical repercussions of technological advancements are not getting equal attention, and that is a big problem.

“I look at it the way digital technologies are being used for influence, the way companies are processing information to market to you and to change opinions and some of the implications of technology…about [channel companies] actually having conversations about what might happen with your data, and what the risk is, and how you can be a good steward of it, and what your responsibilities are for your own data, and the way your data is being managed in the company. And all of that that’s super high value and it’s hard.”

As Sobel points out, the banking industry is regulated, whereas the data is not.

“Why is not every technology company saying, ‘What’s the Black Mirror episode that totally distorts the thing that I’m making? Like, what’s the horrific version of this out there and how do I make sure that that doesn’t happen?’ Because you can see this escalation of the kinds of things that are happening.”

Robinson notes that people are slow to realize the value of data and to protect it accordingly, and points to the disconnect between what users say they want protected within their technology and how little personal safeguarding is actually happening.


Monday, April 27, 2020

Platform Approach for a Strong Cybersecurity Posture

A platform approach is needed to assure that a cybersecurity posture is well-orchestrated, where everything is in the right place, rather than a conglomeration of expensive solutions facing in the wrong directions, which threats can circumvent from myriad different angles. That means treating solutions as part of an integrated, functional, scalable whole.

As a cybersecurity team pursues the implementation of a technology platform, it must assure the following characteristics:
Modular: Can you select components based on your risk posture and threat landscape?

Centralized: Do you have a centralized management pane? Are you required to maintain multiple logins for each capability? Does the platform protect your users irrespective of their location and device?

Interoperable: It’s no good if your platforms cannot work harmoniously. A strong cybersecurity strategy identifies the need to prevent, detect and remediate cyber-attacks. Security services need to exchange information (logs, indicators of compromise, etc.) to facilitate this approach.

Cost-Effective: Strong security is no good if it isn’t cost-effective. If security controls cost more than the value of the data they’re protecting, there’s a problem. Your security platforms should lower your total cost of ownership when compared to point-based solutions.

Efficient: Efficiency is key. Without it, a platform cannot scale. Platforms should be designed ground-up as platforms. Solutions that do not follow this approach suffer from performance degradation as additional services and capabilities are switched on. This isn’t a true platform.
Other Voucher Discounts

Depending on where you live and what you qualify for, you may be able to get trained and certified for free (or nearly free). Government agencies and nonprofits offer free IT training programs that include certifications. If you don’t qualify for these free programs, you may be able to find a paid training program or college course that includes the certification. Learn more about programs that help you save money on CompTIA A+.

Getting an IT certification is an investment that will pay back in spades. But, if you need a more economic way to get certified, you have options. Bundles, discounts and training programs that include certifications can all help you save money when buying a voucher.


Friday, April 24, 2020

What Does a Phishing Email Look Like?

If you only read one of our security awareness training articles, read this one. It’s the blockbuster piece. If all else fails in your organization, at least get your employees to think critically about what is being asked of them in emails and take action. It will greatly reduce your security risk.

These are some of the common characteristics of phishing emails. Train end users how to recognize phishing emails and not to engage – don’t click, don’t reply. Develop a policy around what they should do if they receive a phishing email, such as deleting the email and reporting it.
Spoofed Emails

Threat actors are monitoring your email system. They are looking for patterns in your organization: who sends emails to one another? Who sends wire transfers? They can easily source email addresses from your company website or even from .xls or .pdf documents via a Google search on your company domain. Your email and those of your peers are out there. Therefore, you can’t trust anything sent via email without analyzing it first.
Urgency Is the Reddest Red Flag

Any email that says, “login immediately,” “click here now” or “action required” is bogus. Nothing via email is urgent – that’s the whole point of email – it waits for the user to be ready for it. Manufactured urgency is one of the easiest ways to get a user to stop thinking critically and mindlessly click. Be wary of an email requesting immediate attention. If it was that important, they would have called you or walked over to your desk.


Thursday, April 23, 2020

Cybersecurity with a Security Intelligence

If you work in security intelligence, you are well on your way to having the skills needed in cybersecurity. While they both aim to identify, monitor and counter cyber threats, security intelligence takes a broader perspective and includes physical and cybersecurity whereas cybersecurity analytics homes in on protecting critical IT infrastructure. Security intelligence roles are most prevalent in government and enterprise, whereas cybersecurity roles can be found in any number of organizations and industries, opening up more job opportunities. People looking to switch from security intelligence to cybersecurity may need additional training or IT certifications to round out their skillset.

If you work in security intelligence – or have a security intelligence background but are struggling to find work – take a look at cybersecurity. This booming field won’t be changing anytime soon, and CyberSeek outlines career paths that can set you on the road to success. Keep reading to see what a career path in cybersecurity might look like for someone with security intelligence skills.
Entry-level: Cybersecurity Specialist/Technician

Cybersecurity specialist is a great starting point for a cybersecurity career. They guard an organization’s networks to help protect them from cyberattacks, and if an attack does occur, cybersecurity specialists fight it. They need to be creative and adaptable to ever-changing attack techniques. If you’re passionate about protecting networks and fighting off threats, a career as a cybersecurity specialist could be a great fit for you! Check out these quick facts about cybersecurity specialists:


Wednesday, April 22, 2020

Ways to Balance Cybersecurity

Provide guidance on the cost of digital transformation

The confusion that exists on this topic means there is still a disconnect around building enterprise systems. The ease of use around consumer technology and cloud systems has driven a wave of technical confidence among non-technical staff, but this confidence doesn’t necessarily translate to broad understanding. Enterprise systems are incredibly complex, and CompTIA research has shown that business staff still look to IT to handle integration and cybersecurity. Without coming across as a wet blanket, security providers need to take the lead on helping their clients understand the necessary security investments for any new technology initiatives.
Educate on security issues and business goals

As much as security providers need to educate around security issues, they also need their own education around corporate goals. When business leaders say they want digital transformation, they want the new technology to happen on a timeframe that helps them stay competitive, and that is usually the top priority. When presented with direct statements about innovation and cybersecurity, respondents indicated a willingness to strike a balance. But in a different part of the survey, the leading hurdle for cybersecurity initiatives is a prioritization of other technology. In discussions with clients, security providers should advocate for proper security measures, and they should also evolve their own practices to respond to the needs of the business.
CompTIA Linux+

ZDNet reported that more than 80% of hiring managers are looking for IT professionals with Linux skills. Business News Daily listed CompTIA Linux+ as one of the best Linux certifications available to IT professionals, alongside IT certifications such as Oracle Linux 6 Certified Implementation Specialist and Red Hat Certified Architect (RHCA). Please note that the LPI 2-for-1 offer Business News Daily mentions is no longer available.

GoCertify also calls CompTIA Linux+ a sought-after Linux credential that equips IT professionals with skills related to security, storage and virtualization, computer networking and more. The trade publication suggests other top networking certifications, such as GIAC Certified UNIX Security Administrator and Red Hat Certified System Administrator (RHCSA) for those wanting to make networking their specialty.

Tuesday, April 21, 2020

Incident Security Response Plan for First Responders

As soon as they suspect an incident has occurred, before even communicating up that there is an issue, employees should know how to respond. Here are the steps they should take:
Power Off: Make sure you segment and depower the machine in question. Don’t forget about the Ethernet cord either! Power is also delivered via the Ethernet cord, so unplug that and the power cord itself.
Don’t Delete It: This is the hardest rule to follow because it goes against your instinct. If you delete the file that you believe is malicious, you will delete the trail that will allow a forensic investigator to determine the cause of the incident. This could have massive ramifications on a legal situation such as a lawsuit or an insurance claim. Segment and isolate the machine and power it down. What’s done is done. File deletion is not revenge, it’s just not very smart. Teach your first responders to respond logically, not emotionally. It’s not a first responder’s job to remediate the problem – it is their job to detect an incident and protect against its further expansion.
Communicate Up: First responders should have a structure in place of who is in the “need to know” chain about a possible breach. After communicating up, first responders need to be informed of their marching orders while the responding manager takes on communications with the rest of your employees. These people should be in the “need to know” chain:
Their direct manager
The IT leader
The owner of the company
Anyone involved in the physical security of the company – security guards, administrators, etc. Digital attacks can sometimes coincide with physical attacks. In some cases, building security (in a large multi-tenant building) should be notified as well to not accept visitors while breach response is active.

The average time to deliver an office IT project is more than 10 months from start to delivery, according to a study by Fortune. People can start suing related to CCPA in half that time, starting January 1, 2020. For solution providers, this isn’t the kind of project you can wait on, and IT security companies and MSPs working in cybersecurity need to press the importance of compliance by the deadline. The script looks like this: “You need to put in reasonable security procedures and practices by January 2020 or face fines that can easily reach into the millions.”


Monday, April 20, 2020

Penetration Tester Vulnerability Analyst

Penetration testers and vulnerability analysts do bad things for good reasons. These positions require thinking like a cybercriminal in terms of hacking and breaching security so organizations can learn where their network weaknesses are and take measures to protect themselves against that exposure. Because of the various tasks and reporting that pen testers do — such as collecting data, deploying testing methodology, locating and managing vulnerabilities, and reviewing physical security — project management knowledge is a desirable qualification.

Feeling good about cybersecurity or understanding the issues involved are hard to measure, but tracking progress should not be. Using metrics for cybersecurity is a relatively new concept. In the past, most companies would claim success if there were no security breaches (that they knew about). But in today’s environment, a security breach can go months without being detected, causing damage the whole time.

IT pros can take the lead on building consensus around the metrics that matter for the organization and reporting on progress to help justify any investments being made.

Some commonly used metrics include the following:
Number of successful security audits
Percentage of employees who have been through security training
List of systems that have had a formal risk assessment

Most companies are trying to break down silos and build a collaborative environment for discussing technology. In this environment, the business units can describe goals and timeframes, and IT can describe tradeoffs and possibilities. This strategic approach is in its early stages, and coming to agreement on risk tolerance and cybersecurity actions will be a major ingredient in moving the discussion forward.

Friday, April 17, 2020

Standardizing Embedded Linux Development

Embedded Linux has a slightly different development cycle and tool set. A credit-card-sized computer does not have the same resources as a server or desktop machine, and it doesn’t have a basic input/output system (BIOS).

The Embedded Linux Boot Process:
A boot loader, u-boot, loads the hardware abstraction layer (HAL), which is called a device tree.
Then the boot loader validates the hardware, locks the driver area and passes control to the Linux Kernel.
The Linux Kernel initializes the hardware and completes the boot process to a fully running Linux system.

U-boot is not maintained by the Linux kernel team – it is designed for embedded systems. While the device tree is nothing like a BIOS, combined with u-boot, it replaces the BIOS in embedded Linux systems.

The device tree is a high-level editor and compiler that creates the binary image that replaces the BIOS. These are steps that exist in building an embedded Linux system that are not necessary or even understood by server and desktop Linux developers.

Agencies can build on the progress made with integrated eligibility. Once agencies have a single application to manage multiple health and human service programs, they can improve citizen engagement, and extract insights from the application data collected. Agencies can transform the citizen’s experience by providing personalized, responsive portals to connect them to services and to foster trust and engagement between citizens and agencies. Data insights help caseworkers deliver improved outcomes by giving them a holistic view of clients and the influences on their lives so they can best support them on every step of their journey.”


Thursday, April 16, 2020

Traditional Tech Hiring Practices

Everyone has a role in bringing new minds into technology, said CompTIA community’s leader Kathleen Martin. “Parents, educators and businesses—yes, you—can play a key role in inviting people into the tech workforce,” she said. For IT companies, it starts with undoing some of the traditional hiring practices. Here are four tips for those hiring and looking to add new points of view to the industry.
Celebrate All Sorts of Education

About a third of adults who’d like to be in IT are afraid they can’t because they don’t have a four-year degree, according to research from CompTIA in The Role of the Confidence Gap in Tech Career Development. It’s possible to have a successful tech career without a computer science degree—plenty of MSPs have run companies for decades on their hard-learned knowledge without a degree to back it up. So why do so many IT job applications require a college degree?

“We have to destigmatize not getting a four-year degree,” said Carolyn April, senior director of industry analysis at CompTIA during the Combined Workforce Communities Meeting: The IT Workforce of 2026 session at ChannelCon 2019.

Today, new collar technology jobs focus on skills-centered training and performance-based credentials. “Companies like IBM are relaxing their requirements on four-year degrees, and parents need to start thinking about the way we view that path toward success,” said Sue Krautbauer, senior vice president of sales and marketing at Techadox. “It used to be that the only way to get in the workforce was to go to college, but it’s not that way anymore.”

It’s not enough to change the HR requirements, said Aaron Woods, principal consultant at CEX Services LLC; companies also need to show potential IT pros the steps to getting work. “We need to ensure kids understand specifically what it is that they need to do to enter the IT workforce,” he said. “A lot of these kids start with coding but don’t continue. You’ve got to start with the educational piece to let them know what they need to do.”

Wednesday, April 15, 2020

IT Pro Webinar: DDoS 2.0

Distributed Denial of Service (DDoS) attacks have become more common, more powerful and more useful to attackers. They have morphed from mere botnet-based approaches to AI and data-driven models. Why are DDoS attacks becoming more common? Are they part of a larger strategy? What are the essential techniques and best practices that IT pros can use to handle them?

CompTIA Chief Technology Evangelist Dr. James Stanger has assembled a panel of IT pros that have real-world experience handling attacks. This panel of experts will discuss how DDoS attacks continue to morph. They will also discuss traditional and new techniques, as well as best practices for preparing for, and managing, these attacks.

Meet the Speakers:

Dr. James Stanger

Chief Technology Evangelist — CompTIA

Dr. James Stanger is the Chief Technology Evangelist at CompTIA. His wide range of expertise includes certification and certification design, using social media in business, e-learning creation, security, Linux and open source, and web development. An award-winning author, Stanger has written titles for O’Reilly Media, McGraw-Hill, Prentice-Hall, IBM, Wiley and Elsevier. He has also acted as a security consultant for various entities, including the Association for Corporate Council, Brigham Young University and Security (purchased by McAfee).


Chris Hodson

Chief Information Security Officer (CISO), EMEA – Tanium

Chris Hodson is an information security, data privacy and risk management leader with a subject matter expert background in strategy, architecture and design. He possesses 18 years’ professional experience obtained across the financial, retail, energy and media industry sectors. As a CISO, Hodson is a trusted advisor to executives, board members and other stakeholders, helping them define well-balanced strategies for managing risk and improving business outcomes. Hodson holds an MSc in cybersecurity from Royal Holloway and retains an active role in the Infosec industry through directorship of the IISP and membership of CompTIA's Cyber Security Committee.



Tuesday, April 14, 2020

DoD Cybersecurity Job Categories

The DCWF defines seven broad job categories including 33 specialty areas and 54 work roles. Cyber personnel categories and additional work roles were added from the NICE framework.

These are the 7 job categories shared by both frameworks:
Security Provision: May include jobs such as architecture, engineering, operations that include information assurance compliance, software, security engineering, system development, research, etc.
Operate/Maintain: This may include customer service, tech support, data administration, knowledge management, network service and security analysis.
Protect/Defend: This involves defense against cyberattacks, defense analysis, incident reporting, vulnerability assessment and related areas.
Analyze: This pertains to different types of network analysis, resource intelligence, exploitation analysis, threat analysis, etc.
Operate/Collect: This is defined as applicable to cyber operations and planning, collection operations, planning and implementation.
Oversight and Development: This pertains to the legal consequences of conducting operations in the digital realm, with emphasis on planning, education and awareness.
Investigate: This is relevant to investigations and forensics work as it relates to online security or related issues.

In comparison, DoD 8570.01-M only includes four broad job categories:
Information Assurance Technical (IAT)
Information Assurance Management (IAM)
Information Assurance Security Architecture and Engineering (IASAE)
Cyber Security Service Provider (CSSP)

Monday, April 13, 2020

Civilian IT with CompTIA Certifications

From the Help Desk to Cybersecurity

Like many IT pros, Brady got his start at the help desk. He met an IT pro and fellow Marine from one of the vendors working with his company. Their shared military service and tech interests led to a friendship – and a professional connection. At that point, cybersecurity was not really related to what Brady was working on, but his new friend pointed him in the right direction.

Brady’s new-found mentor worked for NetScout, and years later, after Brady had gained more experience and earned cybersecurity certifications, including CompTIA Security+ and CASP+, his mentor gave him a heads up about the opening at NetScout.

“He gave me an opportunity to do something outside of my norm,” Brady said. “He saw something in me that maybe I didn’t see at the time, and he gave me an opportunity.”

Today, Brady’s mentor serves as one of the company’s chief solution architects, which is a high-level position that Brady aspires to reach in the long term, perhaps in a matter of decades. Playing the long game for career advancement means having a plan, which is something Brady has. With guidance from his mentor, Brady has taken on even more responsibility to make sure he’s prepared for the ever more complex technological future we will all face.

Friday, April 10, 2020

How to Become a Threat Intelligence Analyst

Most companies hiring a threat intelligence analyst are looking for someone with a bachelor’s degree in computer science, cybersecurity, programming or a related field. However, this may not be required if you have several years of experience under your belt.
Threat intelligence analysts need a “very particular set of skills,” to quote Liam Neeson in Taken. They need to stay focused, manage a heavy workload and know when to pursue something and when to move on. Threat intelligence analysts will encounter false positives, so they need to persevere and not get discouraged.
In addition to analytical skills and computer networking experience, as mentioned above, threat intelligence analysts need to be able to communicate their findings to a non-technical audience and make recommendations to inform business decisions. They also need to think one step ahead of a threat actor to try and figure out what they might do next. Knowing foreign languages can also be beneficial when hunting down global threats.
The following certifications can validate the skills needed to become a threat intelligence analyst:
  • CompTIA Network+
  • CompTIA Security+
  • CompTIA Cybersecurity (CySA+)
  • CompTIA PenTest+
  • Certified Information Systems Security Professional (CISSP)
  • Global Information Assurance Certification (GIAC)
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)


Thursday, April 9, 2020

CompTIA Network+ Prepares Job Roles

IT pros hoping to land a specific type of networking job require training that prepares them for the role they want to assume. CompTIA Network+ does this, covering the skills needed for specific job roles, whereas CCNA covers the skills needed to work on Cisco products, regardless of role.

This means that if a hiring manager wanted to quickly onboard a new network support specialist or network administrator, for example, someone with CompTIA Network+ may have a leg up on someone with CCNA because they know and possess the skills needed for the job and can apply those skills to any equipment.


Franchising and Licensing

While franchising and licensing your business can be costly, it lets you scale your business at a much faster rate and can have a significant impact on your overall business growth. The specific systems, processes and procedures that support this business model, once in place, can ease the transition as the business owner begins to exit the business. A business that can survive and thrive without depending on the owner will have more success than those that cannot.

CompTIA Network+ provides deep knowledge of computer networking and ensures IT pros have all the skills they need to function effectively in the following roles:
Network Support Specialist
Network Administrator
Network Field Engineer
Help Desk Technician
Systems Engineer

IT professionals who want to get into networking as quickly as possible and feel confident in their ability to take on any of the roles listed above should pursue CompTIA Network+.

Wednesday, April 8, 2020

CompTIA Network+

CompTIA Network+ helps you develop a solid foundation of computer networking and IT infrastructure skills. It covers the following tasks related to jobs like network support specialist, junior network administrator, systems engineer and network analyst:
Design and implement functional networks
Configure, manage and maintain essential network devices
Use devices such as switches and routers to segment network traffic and create resilient networks
Identify benefits and drawbacks of existing network configurations
Implement network security, standards and protocols
Troubleshoot network problems
Support the creation of virtualized networks

CompTIA Network+ is recommended for IT pros who have CompTIA A+ or the equivalent experience plus 9 to 12 months of computer networking experience.
Why would I choose to take CompTIA Linux+ instead of other Linux certifications?

CompTIA Linux+ is the only job-focused Linux certification covering the latest foundational skills demanded by hiring managers. Unlike other certifications, the new exam includes performance-based and multiple-choice questions to identify the employees who can do the job.

The exam covers tasks associated with all major distributions of Linux, setting the foundation for advanced vendor/distro-specific knowledge.

Everything in IT is built off of networking concepts, so starting with the basics and earning CompTIA Network+ proves you have the knowledge and understanding of networks that will help you succeed in areas like cloud computing, cybersecurity and more.

Tuesday, April 7, 2020

Cybersecurity Trends Impacting Careers

CompTIA works closely with industry partners to ensure our certifications align with current job roles and responsibilities. Technology changes frequently, so we update our exams every three years to meet industry needs and make sure IT pros keep their skills current. When IT pros renew their certifications through continuing education, they validate their knowledge in technology areas that matter to employers today.

In my conversations with CompTIA Subject Matter Experts (SMEs) during the exam development process, we reviewed the draft exam objectives and discussed the trending skills. Here is a summary of the findings.

Trends Impacting Cybersecurity Careers and CompTIA Cybersecurity Certifications
1. Security in Cloud Computing

Expect the cloud to play a larger role in CompTIA Security+ (SY0-601) and CompTIA CySA+ (CS0-002) in 2020. The core technical cybersecurity skills are largely the same (e.g., a firewall is a firewall), but the infrastructure environment will differ. Data is either on site or it’s in the cloud. The main difference will be policy. When storing your data on third-party systems, there must be rules of ownership and agreement about security in the cloud and how you’ll work on the systems.
2. More Cybersecurity Threats, Attacks and Vulnerabilities

The list of cybersecurity threats, attacks and vulnerabilities continues to grow, and cybersecurity professionals need a new understanding to defend against them.

Newer attacks, such as drone reconnaissance, use drones to fly over facilities to collect data for eventual attacks. One of the IT technicians I spoke with flew a drone over his company’s enterprise campus to identify vulnerabilities. The drone scanned computer networks as it flew over, and the technician was alarmed by the weaknesses it found. In response, his company set up surveillance systems and cameras to identify low-flying objects entering its airspace. The risk was too great to ignore for its national defense work.

Monday, April 6, 2020

What Are Security Controls

Cybersecurity professionals need to fully understand these regulations because each one includes a specific number of security controls. These are broad cybersecurity tasks that must be implemented, such as backing up information systems or encrypting data, both at rest and in motion.

PCI DSS has more than 50 security controls, HIPAA has more than 100 and FISMA has more than 1,000. The more cybersecurity controls, the more difficult the regulation will be to implement. NIST Special Publication 800-53 outlines common security controls used by industries across the globe. Security control examples include ensuring access control policies and procedures, access enforcement, separation of duties and least privilege permissions.

When things like this happen, especially in the context of a democratic election, folks start to point fingers. First, they blame the messenger, especially if that messenger isn’t properly prepared. Next, they blame the technology. For example, we’re seeing articles blaming the not-so “mysterious startup” called Shadow for the problem. Yeah, blame the provider! Then, folks usually blame, in order:
The messenger
The vendor
The technology
The IT department (or a lucky scapegoat)
The executives running the organization

In my experience, it should be the folks running the organization, but let’s not focus on just pointing fingers.

These controls are critical to ensure global economies function securely and businesses continue to provide services, to maintain our medical systems, and to protect our national security. There are few tasks more noble than implementing security controls.

Friday, April 3, 2020

Benefits of Being an IT Specialist


Being a Specialist Is Priceless

Specializing in a certain topic these days is rare, and therefore leads to greater appreciation. An IT specialist has a huge advantage when it comes to problem solving because you know the ins and outs of your craft. As an expert, you can potentially predict upcoming changes in the industry since you know it like the back of your hand.

The 2020 IT Industry Outlook found that IT managers are looking for the following skills:
Depth of Skill in a Particular Field: Since you are a master in one specialty, you will be impressive to IT managers who are looking for an IT pro with a specialization.
Problem Solving: With your extensive skills, you are a great resource at your organization when specific problems arise, and your ability to solve problems is very strong.

Experts tend to be extremely efficient due to their high level of knowledge, and efficiency helps save companies time and money. As an IT specialist, you won’t need as much training and babysitting in your job role, which, in turn, makes you more productive. You ensure quality in your work, which takes stress off other people at your organization.

If a hiring manager had to choose between an IT generalist and an IT specialist for a specialized job, the specialist would have the upper hand because they wouldn’t require as much training, and their detailed knowledge makes them a no-brainer.

As you can see, there are pros and cons to each option. IT pros have to think about which is right for them – and it doesn’t necessarily have to be a permanent decision! After weighing all the options – do you see yourself as a jack of all trades or a master of one?


Wednesday, April 1, 2020

The Latest on Managed Services Trends

Volley hosts and CompTIA research analysts Carolyn April and Seth Robinson take a look at CompTIA's new report about the latest trends in managed services. They touch on the evolution of the complexity of the managed services space, especially in the two more popular facets: IoT and security.

“Where I think MSPs will really benefit is if they can up their game in the data collection and analytics area. All of these sensors involved in IoT are collecting reams of data and if you, as a third-party, know how to analyze that data, and then be proactive and prescriptive with your clients, that is high end service, and these higher level services can bring you bigger profit margins.”
Carolyn April, Senior Director, Industry Analysis, CompTIA

As you can imagine, cybersecurity involves knowing your systems inside and out, and knowing the security involved in protecting those systems. Another great skill to have is Linux because it’s a very handy skill in cybersecurity careers.

IT pros in software development who want to transition into a mid-level cybersecurity job may want to get one of these certifications:
SANS/GIAC
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
CompTIA Security+

Later in the month, Carolyn and Seth tackle a topic on everyone's mind: remote work. So many people and companies have had to pivot immediately to a remote environment and try to maintain some normalcy in a very not-normal time. Carolyn and Seth share their own experiences while addressing common or unexpected tech topics related to the current work conditions. They also cover different remote work set-ups and tips for how to find pockets of productivity.

“I started off thinking I could throw open the laptop wherever. But over the long term, it helps me to have a space set up that I feel like I’m entering a workspace. It took me a little while to figure out how important it was to set something up to feel that I was working rather than limping along.”
Seth Robinson, Senior Director, Technology Analysis, CompTIA
