Nov 29th

The New CompTIA A+ Core Series

CompTIA A+ is the foundation of your IT career
CompTIA A+ is the preferred qualifying credential for technical support and IT operational roles. It is about much more than PC repair.

• Candidates are better prepared to troubleshoot and problem solve.
• Technicians understand a wide variety of issues ranging from networking and operating systems to mobile devices and security.
• A+ supports the ability to connect users to the data they need to do their jobs regardless of the devices being used.

Coming in January 2019 – The New CompTIA A+ Core Series
CompTIA A+ Exam Codes 220-1001 & 220-1002 (Core 1 & Core 2) will be available January 15, 2019. The new CompTIA A+ Core Series covers expanded content on these growing parts of the IT support role including an expansion of baseline security topics and a different approach in defining competency in operational procedures.

Why is it different?
CompTIA A+ is the only industry-recognized credential with performance-based items to prove pros can think on their feet to perform critical IT support tasks in the moment. It is trusted by employers around the world to identify the go-to person in endpoint management & technical support roles. CompTIA A+ is regularly re-invented by IT experts to ensure that it validates core skills and abilities demanded in the workplace.

About the exam
CompTIA A+ is the preferred performance-based qualifying credential for technical support and IT operational roles. A+ certified professionals identify issues and problem solve more effectively than those without certification. CompTIA A+ supports the ability to connect users to the data they need to do their jobs regardless of the devices being used. In order to receive the CompTIA A+ certification, candidates must pass two exams: Core 1 (220-1001) and Core 2 (220-1002). Successful candidates will have the skills to:

• Support basic IT infrastructure, including endpoint management, advanced device connectivity troubleshooting, and basic networking
• Configure and support PC, mobile and IoT device hardware, including components, connectors, and peripherals
• Implement basic data backup and recovery methods and apply data storage and management best practices
• Demonstrate baseline security skills for IT support professionals, including detecting and removing malware, addressing privacy concerns, physical security and device hardening
• Configure device operating systems, including Windows, Mac, Linux, Chrome OS, Android, and iOS and administer client-based as well as cloud-based (SaaS) software
• Troubleshoot and problem solve core service and support challenges while applying best practices for documentation, change management, and the use of scripting in IT support

What’s in this Version?
The new CompTIA A+ Core Series includes expanded content on these growing parts
of the IT support role:

A general expansion of baseline security topics core to the IT support role, including

• Physical versus logical security concepts and measures
• Social engineering
• Malware detection and removal
• Device hardening for not just PCs but devices in general

A dramatically different approach in defining competency in operational procedures

• Importance of documentation and using best practices
• Change management
• Basic disaster prevention and recovery
• Privacy concerns, including GDPR and handling PII
• Scripting basics
• Use of remote access

Networking and device connectivity are broadened

• Cloud and virtualization are now weighed more heavily
• Managing networking and device connectivity includes IoT devices
  and related protocols
• Includes the concept of Internet appliances and endpoint management servers
• Added wireless mesh networks to network types

Learn with Babbage Simmel

A+1001: CompTIA A+ Certification Exam: Core 1 (220-1001)
Gain the knowledge to assemble personal computer (PC) components to customer requirements and install, configure and maintain PCs, mobile devices and end-user software in this 5-day CompTIA A+ (220-1001) certification training course. Students will acquire a solid understanding of the basic networking and current security requirements such as diagnosis, resolution, and documentation of common hardware issues, troubleshooting and customer support. Students will also explore virtualization concepts, hardware, and network troubleshooting, understand desktop imagining procedures and software deployment throughout this in-depth course.

A+1002: CompTIA A+ Certification Exam: Core 2 (220-1002)
Acquire the essential skills needed to install, configure, optimize, troubleshoot, upgrade, secure, and perform preventive maintenance on PC and digital device operating systems (OS). In this 5-day CompTIA A+ Core 2 (220-1002) certification training course, students will explore various operating systems including Windows, MAC, and Linux. Throughout the course, students will work with Microsoft command line tools and control panels with the desktop environment and learn basic scripting. Students will also explore security and troubleshooting objectives for desktop, mobile and wireless systems as well as operational procedures.

Click HERE to learn more about CompTIA Training Opportunities at Babbage Simmel or call (614) 481-6555.

Aug 29th

Cybersecurity: Increasing Regulation

A final aspect of the cybersecurity landscape that is worthy of attention isn’t strictly technology related but instead relates to regulation and legislation. For many years the information technology industry was left to its own devices when it came to how much energy they put into protecting information systems infrastructure. Unfortunately, the industry hasn’t been successful enough in containing such breaches. The public and eventually politicians have noticed that breaches continue to occur even as all of us move more of our lives and sensitive information online.

This has led to an increasing number of jurisdictions to introduce legislation and regulation mandating the security controls that should be present over certain types of data hosted in organizational information systems. The cybersecurity landscape has changed in that IT security staff need today not only to be conversant with the security controls available for the technologies they are responsible for managing, but also with the rules and regulations that apply to the organization’s information systems and responsibilities that must be upheld in the event that an intruder successfully breaches the organization’s systems.

Click HERE to learn more about Cybersecurity Training & Development Opportunities at Babbage Simmel or call (614) 481-6555.

Aug 22nd

Cybersecurity: Transition to the Cloud

The cybersecurity landscape has been substantially altered by organizations moving on-premise workloads to the cloud. Important to note though is that moving infrastructure, applications, and data to the cloud doesn’t mean that the responsibility for information security shifts from organizational personnel to the cloud provider.

As has been amply demonstrated by developers leaving cloud storage containers globally accessible, the security of a deployment in the cloud is as only as good as it is configured by the cloud tenant to be. Just as with on-premise information system security, the settings to secure workloads are present, but they must actually be configured by the information technology professionals responsible for those workloads.

For example, a cloud storage container used by a major US newspaper to host website code allowed read access to anyone in the world. Attackers used this access to inject coin mining code into the web pages delivered by the newspaper to its readers. Each time a reader visited the newspaper website, some cycles of their computer’s CPU worked on generating cryptocurrency for the attackers who had modified the contents of the cloud storage container.

Click HERE to learn more about Cybersecurity Training & Development Opportunities at Babbage Simmel or call (614) 481-6555.

Aug 20th

Cybersecurity: IoT

Another big change in the cybersecurity landscape over the past decade has been the rise of the Internet of Things (IoT). The IoT is the network of physical objects, devices, televisions, refrigerators, home climate systems, cars, and other items, that are increasingly embedded with electronics, software, sensors and network connectivity that enables these objects to collect and exchange data. While consumer operating systems, such as Windows 10, OS X, iOS, and Android have increased security features with every release and update, the operating systems of Internet of Things devices rarely receive long-term security update support from their vendors.

The IoT presents an ongoing challenge on the cybersecurity landscape in that these devices are likely to remain insecure. This is because even when vendors do provide updates unless those updates are installed automatically, few owners of these devices will bother to apply those updates. While people will apply software updates to their computers and phones when reminded, most are less diligent when it comes to applying software updates to their refrigerator, washing machine, or television.

How does this impact the cybersecurity landscape? Botnets, comprised of IoT devices have already been used to perform distributed denial of service attacks. While the processing capability of IoT devices is much less significant than that of desktop computers or servers, it’s likely only a matter of time before an enterprising attacker works out how to get rich using a botnet of refrigerators to mine cryptocurrency.

Click HERE to learn more about Cybersecurity Training & Development Opportunities at Babbage Simmel or call (614) 481-6555.

Aug 15th

Cybersecurity: Automation of Detection

One aspect of the cybersecurity landscape that has become brighter for defenders is that it has become easier to detect attacks that would have otherwise only been apparent through expert analysis of information system’s event log telemetry. While some attackers are overt and do little to hide their presence on the network, competent attackers often spend quite some time performing reconnaissance once they have established a beachhead on the organization’s network. These attackers leave only subtle traces of their presence that you might not be alerted to unless you have sophisticated intrusion detection systems that can recognize signs of the intruder’s activities. If an organization can detect attackers while the attackers are still performing reconnaissance, they can reduce the amount of damage done.

In the past, Security Information and Event Management (SIEM) systems would analyze information and detect suspicious activities based on heuristics developed by the vendor. While these systems are effective in discovering suspicious activity, they are only able to detect suspicious activity if the vendor recognizes the characteristics of that suspicious activity. To recognize new types of suspicious activity, the SIEM system must be updated with new signatures that allow it to recognize the characteristics of that activity.
Cloud-based services, such as Azure Security Center, Azure Advanced Threat Protection, and Windows Defender Advanced Threat Protection, provide organizations with more effective threat detection functionality than traditional methods, such as manual telemetry analysis. These cloud-based services have access to Microsoft’s Security Graph. Microsoft’s Security Graph centralizes the security information and telemetry that Microsoft collects across all its sources. This includes telemetry related to attacker activity across all of Microsoft’s customers, as well as information from Microsoft’s own ongoing security research efforts.

Through machine learning analysis of this vast trove of data, Microsoft can recognize the subtle characteristics of attacker activities. Once the characteristics of a specific attack are recognized through analysis of this immense data set, similar activity will be detected should it occur on customer networks.

The cybersecurity landscape has also changed now that defenders increasingly have access to tools like Azure Security Center that can highlight and, in some cases, remediate security configuration problems on monitored information systems. In the past information security professionals would have to work through configuration checklists when hardening servers, clients, and other equipment. Today services such as Azure Security Center can provide recommendations as to what configuration changes should be made to on-premises and cloud-hosted workloads to make them more secure. Security configuration recommendations provided by these services can also be updated as new threats emerge. This helps ensure that an organization’s security posture remains up-to-date.

Defenders also have access to breach and attack simulation tools. Rather than relying on experienced penetration testers to perform red team exercises to locate known vulnerabilities in an organization’s information systems configuration, breach and attack simulation tools simulate an attack and locate known vulnerabilities. While such tools won’t find every possible vulnerability, they are likely to detect the vulnerabilities most often exploited by attackers. If defenders remediate all vulnerabilities found by such tools, their engagement with penetration testers performing red team exercises is likely to be more valuable. Using such tools before engaging a red team will certainly reduce the likelihood of expensive penetration testers discover a list of obvious configuration vulnerabilities that should have been found by even the most cursory of examinations. When an organization engages penetration testers, the hope is that they’ll discover something that the organization’s information security staff couldn’t have seen, not something that they knew about but didn’t get around to addressing.

Click HERE to learn more about Cybersecurity Training & Development Opportunities at Babbage Simmel or call (614) 481-6555.