Orange County Cyber Security Business Summit – March 28th

On March 28th I will be participating in an “Orange County Cyber Security Business Summit” as a panelist, with the focus of providing attendees with educational resources that focus on improving the current status of local businesses relative to potential challenges associated with data protection and privacy. In an article last month on the Small Business Computing website, the following sobering facts were disclosed:

  • Forty-eight percent of SMBs say a major data breach would likely shut their business down permanently, according to the results of a recent AppRiver survey of 1,059 cyber security decision makers at SMBs with fewer than 250 employees.
  • In some sectors, that proportion is even higher. 71 percent of financial services and insurance SMBs said a major breach would be fatal to their businesses, and 62 percent of healthcare SMBs and 60 percent of business consulting SMBs said the same.
  • Seventy-one percent of SMBs said they’ve experienced at least one attempted cyber-attack within the last quarter, and 64 percent said cyber-attacks are “prevalent” among businesses such as theirs.

In its 2017 State of Cybersecurity Among Small Businesses in North America report, the Better Business Bureau noted, “it is time to focus on comprehensive cybersecurity solutions that are customized for the needs and constraints of smaller businesses.”

We are fortunate in Orange County to have two California community colleges that have obtained the National Security Agency / Department of Homeland Security designation as Centers of Academic Excellence in Cyber Defense (CAE). These colleges are championing a potential grant funded effort that is designed to place students presently enrolled in the Region’s community college cybersecurity programs in internship positions that will be designed to help businesses achieve a reasonable level of defensive measures designed to provide additional protection from cyber-attacks. Students will help businesses to identify “no cost” or “low cost” resources that will enable businesses to improve their resistance to cyber-attacks. As an example, we know that employee cybersecurity awareness training is a key component of a defensive program. “No cost” awareness training is available from the following resources:

Proof of substantive evidence of both a need and a resulting chance of success can be provided by identifying an existing program that mirrors much of what we plan to do. We believe it important to point out what has been accomplished through the efforts of the SBDC operating in the State of Kansas. Examples of specific SBDC activities over the past year have included:

  • In partnership with the University of Kansas School of Business, providing small businesses with the opportunity to complete an online Cybersecurity Assessment that will be utilized to assist small businesses in their development of appropriate policies and procedures designed to reduce business risks associated with cyber-attacks.
  • In partnership with the University of Kansas (Professional and Continuing Education Division), providing a free online course titled “Cybersecurity for Small Business.”

As we move forward with this effort, periodic updates will be provided on this blog site. If you are interested in hosting an intern, please provide your contact information by clicking HERE.

For additional information please reach out to Steve Linthicum (linthicum_steve@rsccd.edu).

Getting Ready for A+ Exams; Then for Linux+; and Advice for Cyber Students

I’m just about done with the CompTIA Train-the-Trainer class that finishes up next week. A couple of weeks after that I’ll receive my voucher for the new “core 2” exam (220-1002). Once I have that in hand I’ll schedule it along with the “core 1” exam (220-1001). The last week of March I’ll start taking the Train-the-Trainer class for the new Linux+ exam.

As a side note, wanted to share something that I’m distributing to faculty across Southern California. My advice to them is they need to share with their students the value of “networking” with industry professionals. That advice is shown below:

Here in Southern California we have a variety of national and international organizations that provide this ability to network on a local level. Specific networking opportunities you may want to consider getting involved with include:

  • Infragard – An FBI created public/private partnership. Joining requires you go through a process characterized as a “security risk assessment.” There are local chapters located in San Diego and Los Angeles.
  • ITDRC – The Information Technology Disaster Resource Center is a volunteer organization that provides communities with the technical resources necessary to continue operations and begin recovery after a disaster. It harnesses the collective resources of the technology community to provide no cost Information, Communications, and Technology (ICT) solutions that connect survivors and responders in crisis.
  • ISSA – The Information Systems Security Association is an international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. There are local chapters located in San Diego, Orange County, and Los Angeles.
  • ISACA – The organization engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves. There are local chapters located in San Diego, Orange County, and Los Angeles.
  • (ISC)2 – An international association for information security leaders, committed to helping its more than 140,000 certified members learn, grow and thrive. There is a local chapter located in San Diego.
  • AITP – The Association of Information Technology Professionals was created in partnership with CompTIA, and serves as the go-to resource for individuals seeking to start, grow and advance a career in technology. There are local chapters in San Diego and Los Angeles.

Project+ Exam Passed — Next up are the New A+ Exams

Well it wasn’t beautiful, but once again a “pass is a pass.” See Project Plus Score Sheet. Lots of questions on this exam were not adequately covered in the exam objectives or the textbook I used (see my previous post where I identified the resources used).

Time to move on, although my move is going to be slowed a bit because I want to make sure I take both of the new A+ exams together (220-1001 and 220-1002). Because of a weather related extension, CompTIA’s “train-the-trainer” online class for the Core 2 (220-1002) exam will not be completed until mid-March. Once I knock those two exams off I’ll be moving to the new Linux+ exam that is expected to go live in March. However, I’m planning to take the “train-the-trainer” online class for that certification exam, so I do not expect to take the actual exam until late spring.

Network+(N10-007) Passed. Time to Move on to Project+ and A+ Core 1 (220-1001)

As you can see from the Network+ Score Report I managed to get an acceptable score (831/900) on the N10-007 exam. Same approach I’ve used in the past with a minimal focus on the performance based questions. My custom relative to CompTIA exams is a frequent visit to different forums and Reddit to find out what people are saying about the exam. One fairly common comment centered upon a comparison of this new exam with the old N10-006 version of the exam. The feeling among those posting a comment was the new exam was perhaps easier, but had better questions that were not designed to trick you into answering the question incorrectly. I agree. I found this exam fair in its structure, and felt much more comfortable as I hit the submit button for grading. I’m reminded of that as I viewed my December 2015 blog posting relating to the old exam.

Time to move on in this continuing effort to update my skills in IT/Cybersecurity. I’m basically heading down two paths. The first involves doing what I’ve been doing since last June, and involves taking the most recent exams for certifications I’ve already held. Those activities included recertifying for the IT Fundamentals+, Security+, Cloud+, and now Network+ certifications. The other effort involved obtaining a new certification (e.g. Pentest+). See past blog postings where I discuss my efforts relating to these certification exams.

For the near term my focus will be on completing the exams for the Project+ (PK0-004) and A+ (220-1001 and 220-1002) certifications. For the PK0-004 exam, I have completed a worksheet based upon the current Exam Objectives and will probably focus on that certification next. My primary focus has been on the textbook CompTIA Project+ Study Guide: Exam PK0-004 2nd Edition, written by Kim Heldman. Kim has written a number of books, including resources that are focused on the PMI Project Management Professional (PMP) certification.

Hanging around the Reddit forums relating to the Project+ certification for comments relating to the exam, I managed to locate two resources shared by the forum post authors. The first is notes developed for the exam, and the second is a four page document designed to help remember formulas relating to “earned value management.” Additionally the videos for the CompTIA Train-the-Trainer course are available. My current plans are to complete this exam in February.

The “train-the-trainer” class for the A+ Core 1 exam ended last month and I received a voucher for taking the class. The “train-the-trainer” class for the A+ Core 2 exam runs from late January through February 19th, so I’m thinking that I’ll wait until after that to take both Core exams at the same time because of an expected overlap in their content. I’ve done that with previous A+ certification exams, finding a great deal of overlap that justifies preparing for both exams at the same time.

After taking the A+ exams I will likely focus on the new Linux+ single exam scheduled to go live in April. My hope is there will be a “train-the-trainer” class for this new single exam (the current Linux+ certification requires passing two exams that were developed by the LPI). I have already created a worksheet, utilizing the Exam Objectives for this new certification exam.

Passed Pentest+; Next Up Network+ Retake.

I certainly could have done better, but a pass is a pass (see pt0-001 Scoring Report). I need to take the performance based questions with a more serious approach rather than leaving the exam booth early. You can read about the study resources I used on my December blog posting.

My next effort will focus on the recent edition of the Network+ certification exam (N10-007). I’m confident my study efforts won’t need to be as involved as they were with the Pentest+ exam. I’ll do the same with that effort, adding resources used and developed to this blog posting. The first of these resources is the Worksheet that contains the exam objectives and provides space to enter thoughts and identify resources (typically web links). I use this as I prepare for the exam, identifying areas I need to work on updating my knowledge.

For this certification I would suggest utilizing the free video resources provided by Professor Messer. The full list of his videos relating to the N10-007 exam is available on YouTube. Chris Bryant’s website is also useful in terms of providing free lessons on a variety of related areas of study.

I have noted in looking at forum postings that the performance based questions are challenging in that they may not work all that well. I remind those who are “time challenged” to skip these exam questions (they have uniformly appeared as the first few questions on exams), and knock off the remaining multiple choice questions first. For those taking the exam, I strongly recommend that you look at the February 2017 posting where I provide my thoughts (and include a couple of videos) discussing what I think is a very useful test taking technique.

Passed the Cloud+ (CV0-002) Exam. Next Focus is PenTest+ Exam

Managed to pass the most recent version of the Cloud+ exam, avoiding the loss of that certification (had a February 2019 deadline). Moving on to the new PenTest+ certification exam. I did take the Pentest+ “train the trainer” class taught by T. Lee McWhorter, Jr. in June and July, but wanted to knock off the Cloud+ for certification maintenance purposes. Score was not exactly great (784/900), but a little margin of comfort above the 750 minimum score. Always questioning the value of the designated performance based questions, I did look at them but can’t really say that I spent much time trying to answer them correctly. That lack of attention probably helps explain why I did not break 800.

The CV0-002 Score Sheet is available for viewing. As with past activities, I want to provide useful help. My initial focus on the exam was to use the e-Book titled CompTIA Cloud+ Study Guide, 2nd edition, authored by Todd Montgomery and Stephen Olson. I found the book very helpful in terms of providing an update for my study purposes. Following my usual pattern, I created a “worksheet” by copying and pasting the CV0-002 Exam Objectives into a table in a Microsoft Word document. The “worksheet” is available for download.

I’ll try to upload study aids I develop for the new PenTest+ exam. The book I’m using, with a hefty 423 pages, is the CompTIA Pentest+ Study Guide by Mike Chapple and David Seidl. An additional book that is worth having is Penetration Testing – A Hands-On Introduction to Hacking by Georgia Weidman. The “worksheet” I’ve created for this exam is available for download. From what I’ve been able to ascertain based upon forum postings, you will need to have a good handle on Nmap and other open source tools in order to have a successful experience with the exam. A good review of the PenTest+ exam is provided on the Tevora blog site, available by clicking HERE. It does a good job of comparing this exam to the EC-Council’s Certified Ethical Hacker (CEH) exam. Other exam reviews that point to study resources include those provided by Jon Wood, Alpine Security, and a video created by Motasem Hamdan.

Additional resources available on the Internet include:

I hope to be in a position to take the exam by late January. I need to get through it, and start focusing on the new CASP exam, as it looks as though I’ll lose that certification if I do not meet the continuing education requirements by May 15, 2019.

Returning to the Certification Efforts… Passing the SY0-501 Security+ Exam

I took over a year to return to posting to this blog. That year has not been entirely without activity. I took and passed both the old and new CompTIA IT Fundamentals certification exam, learning last month that I’d passed the beta exam for the new IT Fundamentals+ certification. Today I took and managed to pass the newest version of the Security+ exam. I found it more challenging than earlier versions, likely as a consequence of my being outside of the instructor role for a while.

Linthicum SY0-501 Score Report

The next goal is to focus on the relatively new Cloud+ (cv0-002) exam. I’m doing it because according to my transcript that certification exam needs to be taken and passed by February 2019 in order for me to remain certified. There are alternatives to certification maintenance, but from a practical standpoint it is simply an easier approach to take the new exam. The process for me initially starts by looking at the exam objectives. A first step when analyzing the objectives is I create a worksheet that will enable me to make notes where I find the need to “dig deeper” when it comes to specific objectives. I can’t overstate the importance of this process. As I go through the worksheet, I’ll input areas where additional information is needed and note what I find as the result of online research.

Based upon my recent experience in taking the Security+ exam, I’m going to do additional foundation work before I start filling out the worksheet. Utilizing the VitalSource educator’s website, after a little research that involved viewing reviews associated with textbooks aligned with this exam, I’ve elected to use the Study Guide authored by Todd Montgomery and Stephen Olson. I use the ebook version because the application enables me to adjust font size, and it is very convenient to read utilizing my iPad. Plan as mentioned above is to complete the book and worksheet by the first week in November, taking the exam shortly thereafter.

Time to Tackle CompTIA’s CSA+ Certification (CS0-001)

The problem in “volunteering” is sometimes you place yourself in a box. At least I did it with my eyes wide open this time. A few weeks ago I “volunteered” to teach a 5-day “train-the-trainer” course relating to this new CompTIA certification for West Coast community college faculty at the WASTC Conference scheduled for late June in Southern California. Problem is, with the exception of a single “textbook,” authors and publishers have not been quick to react to the production of learning materials. The single resource, based on my research, continues to be the CSA+ GTSlearning Book. Having a primary role as a community college instructor, sometimes I’m able to gain access to a “pre-publication” copy of instructional materials. Thankfully that was the case with this Book.

Earlier this week I was able to complete the process of reading the instructor version of the book with 280 pages, and my honest assessment is it is worth purchasing. Admittedly it is hard to judge how well the book covers the actual exam’s content, but if CompTIA follows the expected approach where exam questions are aligned with the published Exam Objectives, the book is closely aligned with those objectives.

With exam voucher in hand, I plan to spend the remainder of the month playing around with the cybersecurity tools that are detailed in Section 4.5 (Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies) of the Objectives. Having gone through this section carefully, I prepared a reference document providing information that may be helpful and can be viewed HERE. As an additional effort I prepared another reference document listing videos for a large number of software and tools utilized by cybersecurity professionals that is available from TechTarget. They can be viewed HERE.

Always looking for clues as to exam content, I read with interest the PowerPoint slides that were posted in conjunction with a recent CompTIA presentation on the new exam. I’m paying special attention to Slide 16 in the slide deck relating to “Performance Based Assessment” and the tools that are mentioned.

CompTIA recently provided a list of marketing resources designed to inform a variety of groups about this new certification. Flyers cover a variety of audiences that include:

Additional marketing tools included a “product positioning sheet” and a “pathways flyer.” According to CompTIA the new CSA+ certification will contain “performance based questions.” To familiarize yourself with how these simulated questions work, click HERE. My experience relative to this style of question is be sure the testing center you use has large monitors, and focus on the simulations AFTER you have answered the multiple choice questions.

On March 27th CompTIA issued the following website content:

CompTIA Cybersecurity Analyst (CSA+): Your Questions Answered

I’ll provide an update shortly before and shortly after I take the CS0-001 exam.

UPDATE: Scheduled the exam for this Friday (April 21st). I’m feeling fairly comfortable. Recent forum comments indicate the degree of difficulty falls somewhere between the Security+ and CASP exams, with not too many complaints about the quality of questions. Hope the simulations make sense. Otherwise I’ll follow my usual approach and ignore (a.k.a. skip) them……

Intelligent Guessing

About ten years ago I created a website at Sierra College, providing information that relates to utilizing “intelligent guessing” concepts when trying to pass certification exams. I’m moving that information over to this site as an alternative as I expand my efforts to students from across the country.

__________________________________________________________

Preparation Course for Taking Multiple Choice Examinations

 

The purpose of this site is to provide students at Sierra College with the opportunity to improve their scores on multiple choice exams through a systematic process designed to incorporate time management and intelligent guessing.  Completion of this course should take around one hour.  It is important that the instructions in the video be followed exactly.  There are two (2) quiz taking periods of fifteen (15) minutes each.  The proctor will need to pause the videos during those periods and watch the clock so students are limited to the fifteen (15) minute quiz period.

Prior to showing the video to students, the proctor will need to download the documents listed below.  Students need to be given the documents in a specific order and at a specific time during the video.  The proctor will be required to collect some of these documents for analysis.  Documents can be downloaded to the local computer by clicking on the links below and downloading the .PDF file. Save them in a location where they can be retrieved for printing.  Each student will need one copy of each document. Also include the second video that explains how to approach “Performance Based Questions.” The purpose of these questions is to measure an understanding of actual hands-on activities in a simulated environment.

 

Document Links

  • Quiz A
  • Quiz A Answer Sheet
  • Rules for Intelligent Guessing
  • Quiz B
  • Quiz B Answer Sheet

Video Instruction Presentation

You can watch the video by clicking on the link above to access the YouTube video.

Below is a link to a video that discusses “Performance Based Questions.” The information on CompTIA’s website can be accessed by clicking HERE. The video details thoughts that relate to how to deal with these questions and potential pitfalls relating to proper time management when taking the certification exam.

Video on Performance Based Questions

 

 

 

Improving Linux Knowledge Before LX0-003 Exam

I’m focused on improving Linux skills before taking the CompTIA LX0-003 certification exam. That exam along with the LX0-004 exam are required to obtain the Linux+ certification. The focus point has been utilizing a series of videos on YouTube as a primer for the exam. Those videos can be accessed by clicking HERE.

I’m feeling compelled to focus on Linux because it is getting more of a focus for the CyberPatriot competition. I spent last week (November 14-18) in Gainesville, Florida, creating video content for the program with the people at ITPro.TV. That content should be available for free to CyberPatriot participants in December.

My goal is to complete the Linux+ certification before the end of December. Will report out once I take the LX0-003 exam.