Transcender, SelfTest Software, and Kaplan IT Training: What’s in a Name?

April 24, 2018 at 3:00 pm | Posted in Kaplan IT Training news

What’s in a name? That which we call a rose,
By any other name would smell as sweet…

You may have noticed the changes afoot on our new website, but as the immortal words of Shakespeare suggest, despite our new appearance, we are still your friendly neighborhood test preparation provider.

We have a new name—Kaplan IT Training—but to clarify, this was merely a name change and not an acquisition. While we’ve officially (and finally) rebranded to the Kaplan name, we’ve actually been a part of Kaplan for over fifteen years, and the same in-house content experts have been developing our products for more than a decade.

In short, the new logo is nothing to worry about. What has changed for the better is our website, test engine, and customer experience (as we’ll explain in a future post).

Early beginnings: SelfTest Software and Transcender

The team now known as Kaplan IT Training began over 25 years ago as two separate companies: SelfTest Software and Transcender. In 1992, SelfTest Software (STS, informally known as Big Red Self Test) launched a completely new product for the digital age: practice test content presented in an engine that emulated the live exam experience. STS focused on exams for Oracle, IBM, and Novell (remember them?).

Shortly thereafter, a company called Transcender also jumped on the test prep bandwagon. Their flagship products were for a new certification program named the Microsoft Certified Professional program (remember when it was a small, intimate group of candidates?), first released in 1993.

[Image: STS logo, circa 1996]

[Image: Transcender Dude, circa 1997]

The Kaplan acquisition, 1999-2003

From the time Stanley Kaplan founded Kaplan Test Prep, the company’s mission was to help students pass standardized tests in a then-novel way: by teaching exam strategies that showed how questions would be asked as much as by tutoring the content.

Realizing that IT certifications complemented their line of test preparation products, which were then geared towards the SAT and CFA certifications, Kaplan purchased SelfTest Software in 1999 and rebranded it as Kaplan SelfTest. They later expanded the product line when Kaplan SelfTest bought Transcender in 2003.

Women In Cybersecurity introduces KITT content expert Robin Abernathy

March 29, 2018 at 3:29 pm | Posted in Careers, Certification Paths, CISSP, CompTIA, cybersecurity, Knowledge

Women In Cybersecurity is a quarterly IT blog feature that addresses news and information for women who wish to find out more about careers in cybersecurity.

If you were asked to picture a noted cybersecurity educator and author, you might not imagine a tiny woman with bright red hair and a thick Alabama drawl—that is, until you saw one of her CISSP instructional videos or tried to fit into her standing-room only panel at the recent (ISC)2 conference. And if you were interested in earning one of those security certifications that routinely make top ten lists—certifications like CISA, CISM, and CISSP—you’d find that she wrote not only the practice test, but frequently wrote or co-wrote the textbook as well.

Robin is no stranger to challenge. Her career journey has been a noteworthy progression, as IT in general and cybersecurity in particular are still fields primarily populated with males. Like many IT specialists, she followed a non-traditional career path, starting behind the counter in a strip-mall PC shop in the 80s. She taught herself PC repair, moved from sales to desktop administration, and then took a variety of jobs in network administration and database administration. Robin honed her skills as the primary IT support specialist at the Alabama Institute for the Deaf and Blind, where she was responsible for many of the institution’s computer security initiatives, including software updates and documentation, culminating in a coordinated response to the Y2K crisis.

Robin’s strength as a writer and her ability to organize information enabled her to move forward in her career, and eventually led her to a job at a training provider called SelfTest Software. She’s now the shortest and the most senior member (four foot ten and 18 years, respectively) of the content development team at Kaplan IT Training (formerly Transcender and SelfTest Software).  Her twin specialties are project management and cybersecurity, particularly information security and auditing. Her many certifications include CISSP, CASP, Security+, Network+, Project+, A+, PMI’s PMP and CAPM, and ITIL Foundations. Her latest textbook is the CompTIA Project+ Cert Guide: Exam PK0-004 (Certification Guide) published by Pearson IT Certification. Two forthcoming titles are the 2nd Edition CompTIA Advanced Security Practitioner (CASP) CAS-003 Cert Guide (with coauthor Troy McMillan) and the 3rd Edition CISSP Cert Guide (with coauthors Sari Greene and Troy McMillan), also from Pearson IT Certification.

Robin was willing to share her experience with me for this blog post, which we hope will help students who are curious about cybersecurity careers.

Shahara: What is the most fulfilling part of your job?

Robin: I have an affinity for constant change. I thrive on it. And the world of cybersecurity has real-world direct connections. What I like are the real-world stories. There’s always something new. There are new attacks, so I have to stay abreast of the here-and-now versus the used-to-be. The knowledge you need to know is always building and changing. It’s never static.

Shahara: What do you think about certification as an enhancement to the traditional college path?

Robin: I facilitated a recent discussion at a conference where I explained why the certification route is necessary. Attendees asked me the same question, and as I told them, 15 different colleges may have 15 different curricula. I cannot truly measure your job skillset because the requirements and class emphasis will probably be different for each college. Certification standardizes what the industry expects. For instance, CISSP has a blueprint. Employers can see that you have mastered what companies are looking for once you have passed the certification. With a certification, I can assess your knowledge.

Shahara: What would you suggest that colleges and universities do to help their students?

Robin: In the future, colleges and universities might want to consider adding a practicum component to their requirements along with basic certifications.

Shahara: So what are your thoughts on the roles and possibilities for women who want to go into cybersecurity?

Robin: When I was presenting at a recent conference, I noticed that there weren’t many women in attendance, and most of the ones I did see were in support and administrative roles. I presented to about seventy participants, out of which about five were women. Let me tell you: women are needed. I want to see more women in the field. We don’t have enough people in cybersecurity in general, and we’ll only be adding more jobs as more advanced persistent threats. Everyone doesn’t have to be a programmer. There are many other opportunities that require different abilities. I say, investigate and find out where you fit best.

 

If you have questions, she can be reached by email: robin.abernathy@kaplan.com.

See you soon with more great stories about women in cybersecurity!

–Shahara Ruth

Free Kaplan IT Training Webinar: The Ins and Outs of Digital Currency

March 14, 2018 at 11:41 am | Posted in cybersecurity, Kaplan IT Training news, Knowledge

Digital currency, also known as cryptocurrency, is one of the most controversial monetary innovations to hit the market in this century. As the financial sector changes and new technologies are developed that incorporate cryptocurrency, more questions arise regarding its legalities and security risks. In response, Facebook recently announced it will no longer allow Bitcoin advertisements. Why all the fuss? Is it or isn’t it real currency?

Our webinar will discuss cryptocurrency, specifically the Bitcoin, including an overview of its security risks, its uses, and the major players in the Bitcoin market. The webinar will be hosted on March 21, 2018 by our resident digital currency guru and Microsoft content developer, George Monsalvatge.

To register for this free and informative webinar, please click the link:

Digital Currency Webinar registration link

Webinar time:

March 21, 2018, at 10:00 am CST

CISSP’s New Adaptive Format: Why It Should NOT Change Your Studying Plan

February 19, 2018 at 7:58 am | Posted in (ISC)2, Study hints, study tips, Technical Tips

By now, many of you have heard about the move to Computerized Adaptive Testing (CAT) for (ISC)²’s Certified Information Systems Security Professional exam — or as we call it, the CAT CISSP. (If you haven’t, we suggest that you read this article from our sister company, CyberVista: December 18th, 2017: Happy CAT Day.)

Now, adaptive testing is nothing new. At various periods, almost every test vendor I know of has tried this method as a means to protect their valuable intellectual material. There are basically two different ways to make a test adaptive: choose-your-own-adventure, and sink-or-swim. In the first kind, the content runs along a choice decision tree where your answer to an initial question determines which subset of related questions you’ll see (an example was Cisco’s old TSHOOT exam). Alternatively, the content can scale up or down based on how well you answer “easy” or “hard” questions—in other words, your test will get shorter or longer based on how well (or poorly) you’re scoring.

How to sit for the adaptive CISSP exam

But we aren’t writing this article to talk about adaptive testing. We’re writing this article to ensure that you understand what the CISSP exam entails and how you should study for it. Our advice applies whether you plan to take it in the next couple of months or wait for the new edition that’s being released in April 2018.

First of all, let me clear up a few misconceptions you may have.

  1. The domains covered in the exam have not changed. (They also are not changing in the new edition.)
  2. The topics covered in the exam have not changed. (They will be changing later this year, but that will be the subject of another blog post in April, so be sure to subscribe to our blog for updates.)
  3. The format of the questions has not changed – you still may see multiple choice, drag-and-drop, and hotspot questions.
  4. The domain weighting has not changed. You’ll see the same percentage of questions per topic as before. (They will be changing later this year, which of course, will be covered in my April blog post.)
  5. Finally, the passing standard has not changed.

Now, let me give you the vital statistics.

  1. The number of items in the exam HAS changed. The non-CAT version had 250 questions. With the CAT version, everyone will see between 100 and 150 items. That’s right — the exam is SMALLER.
  2. The maximum time for the exam is now 3 hours instead of 6 hours, including whatever breaks you need (not including medical exemptions). That’s right — the exam is SHORTER.
  3. Of those 100-150 items, 25 will be non-scored beta questions.

It won’t be possible to tell which items are scored and which ones aren’t, so you should do your best to answer every question. Also, (ISC)² is adamant that due to the design of the test, test-takers at all levels of mastery will subjectively experience the test as “difficult.” In fact, they state that the adaptive nature means that “both high and low ability candidates will think the items at the end of the exam are challenging.”

But there are two very important points you should remember going into the exam: if you don’t answer at least 75 questions you will fail by default, and once you’ve answered a question, you can’t go back to change your answer.

Because the CISSP CAT exam is a variable-length computerized adaptive examination and the difficulty of items presented to a candidate is based on previous responses, item review is not permitted. Once a candidate finalizes an answer, it may not be reviewed or changed. (from (ISC)²’s FAQ)

Have you ever guessed at the answer to a question on a test, found a later question that gave you the exact information you needed to answer the first question, and then run back to correct your earlier answer? This is a common weakness in a standard “linear” test design, and it’s a loophole that the CAT eliminates completely.

But – and I am putting this in bold font, because I feel it’s the most important takeaway – you should NOT burn time fretting over a particular question just because you can’t change your answer later. If you do not answer at least 75 questions in those 3 hours, you will automatically fail the exam with the Run-out-of-time (R.O.O.T.) Rule. That means you should keep an eye on the clock and keep moving forward.

How to prepare for an adaptive CISSP exam

So with that said, what does studying for the adaptive CAT exam really mean for you? Basically, your studying is even more important than before, because you can’t rely on standard test-taker tricks to bluff your way through material you aren’t certain about.

The actual pool of questions is the same as for the original exam. With CAT exams, you receive a medium or hard question on the topic first. Based on your answer, you will continue to receive questions on that same topic (easier if you missed the first question; harder if your previous answer was correct) until the algorithm determines that you know (or don’t know) the topic. So that means you will not see as many questions in each domain as with the old format.

We do not feel that you should focus on the method of delivery of the questions because there is no way to know which topics you’ll see. For example, if I miss a cryptography question, then I may see more questions about a particular cryptography topic until the engine decides I do (or don’t) know the topic, while someone who answers it correctly may not see any more questions on that topic — although we will both receive the same proportion of questions from each domain, based on the domain weighting that is published by the vendor. So it is next to impossible to predict TOPIC-WISE what you are going to see.

With that said, remember that our practice test is a study tool. We provide very robust explanations that go well beyond the original surface of the question. Very often, our explanations provide examples whereby the INCORRECT answers would be correct in another scenario. Because of this feature, our explanations are the MOST important part of our tool.

To pass the CISSP exam (or any other test), we have always told students to read all our explanations thoroughly. Here is a blog post that goes into more detail: https://transcender.wordpress.com/2011/05/31/the-anatomy-of-a-good-item-or-why-the-heck-should-i-read-those-long-boring-explanations/

(I find it kind of funny that a blog post from 2011 is still just as relevant today!)

So that is my big study suggestion: read those explanations and try to absorb any extra details we provide there, then follow the reference to make sure you thoroughly understand the concept. We write those explanations to help you learn. Don’t just read our questions and expect to pass the exam! You REALLY need to LEARN the material — and that means ALL of it!

Happy CATting,

-Robin Abernathy

Microsoft Beta Exams Aren’t Free Any More – and I’m Glad

February 8, 2018 at 4:28 pm | Posted in Microsoft, Vendor news

Nothing is truly free in this world; it all costs something in the end. This is even true with Microsoft beta exams, that unspoken perk of the IT industry. It used to be that IT pros could register for and sit a beta exam for free. If you passed the 3+ hour exam, you got the credential and Microsoft got valuable psychometric information, plus written feedback on individual questions. Even if you failed the exam, you got a valuable free preview of the content that would help you study – again, without any cash outlay. The only drawback was waiting weeks for your score report to drop.

Given my career as a trainer, it was important for me to teach the latest classes, and I had to take the corresponding certification exams. I did not want to pay hundreds of dollars out of pocket to take a certification test when I could take it for free. Well, a lot of people had the same idea, and that meant it was extremely difficult to grab a seat for a beta exam. It was almost like camping out for U2 tickets in front of the box office.

However, I’ve also noticed a strange trend in the last couple of years. Beta periods have lasted longer and longer instead of selling out immediately. I’ve been able to get a seat in every beta exam I’ve wanted for several months. Does that mean fewer people are interested in taking Microsoft exams?

I’ll come back to that. But apparently Microsoft wasn’t getting the results they needed or wanted from beta seats, so as of late November 2017, they announced that beta exams are no longer free.

The human paradox: we value the things we pay for

While it might seem like a dumb idea to take a product that you’re having a hard time giving away and start charging money for it, this is actually a really sound business principle.  It’s human nature for people to not value something that is free. It turns out that a lot of people registered for beta exams and never showed up at the test center to take the exam.

This caused the limited number of test seats to go unused. The folks that ran the test centers were upset because people did not show up. Since the exams were free, the no-show candidates weren’t penalized. The Microsoft  folks did not get their feedback. And I’m sure Microsoft wasn’t happy shouldering the facility costs involved.

Years ago, I worked for a training company that offered free one-day seminars on various technical topics. We had maximum registrations on each class, but on average, only 33% of those registrants would show up for the seminars. But when we started charging $59 for the seminars, 90% of the registrants showed up — and we ended up with the same total number of attendees as we did when the seminars were free.

What hasn’t changed: beta geo-restrictions

To my knowledge, Microsoft still places geo-restrictions on beta exams. In the past, you could not take an exam if  you were located in India, Pakistan, or China. I was told this was due to fear of the exams being pirated. The last beta that I participated in had the geo-restrictions in place, and I believe these geo-restrictions have not changed with the new fee policy.

What has changed: beta exams aren’t free—but they’re still a great deal

Although Microsoft betas aren’t free any more, they are heavily discounted. The beta exams are 80% off the price of the exam. So if the exam fee is normally $165, you will pay $33 to take the exam, which is still a heck of a bargain. And, recognizing that a beta exam isn’t a perfect testing instrument, Microsoft has built a fail-safe into the cost. If you pass, you get credit for the exam. If you fail, the funds that you paid for the beta exam will be applied to the cost of a future exam after the beta exam is scored. Beta exams can be scored from 4 to 12 weeks after the exam was taken. …So, technically, if you don’t pass, then the beta exam is still kind of free. Right?

So, as it turned out, I was winning all those free exam tickets only because Microsoft had to keep them open for longer and longer periods to get enough valid candidates. This change in the beta test policy will help out those candidates who truly want to take a test by ensuring that there will be a spot available. It will help the test centers by ensuring that seats in the center will actually be used. Of course, it will help Microsoft by making sure that the more dedicated and qualified candidates sit for the exam, which will improve their psychometric data.

All in all, I’m fine waving this particular “free” lunch goodbye.

Happy testing,

George Monsalvatge

Last Chance to Save (NO EXCLUSIONS)

December 15, 2017 at 11:06 am | Posted in Careers, Certification Paths, LPI, Microsoft, Oracle, PMI

After a long 2017, it’s now that time of year to think about what you should give up or do differently for 2018. Are you planning on losing or gaining more weight? Exercising more, watching more streaming shows,  or curling up with more good books? Perhaps picking up a new hobby or going back to a project you once abandoned?

We have a better idea. One that could translate into a higher salary or better career. Why not make getting an IT or project management certification one of your New Year’s Resolutions? From the highly sought-after certifications like CISSP, CEH, and Security+ (just released the new version last month) to the latest Microsoft Azure, Windows, and security certifications, Transcender has got you covered!

And this time, it’s no exclusions – opening up the discount to our up-to-date eLearning (now including Juniper to Amazon Web Services) to get started and cloud-based labs to help you hone your new skills. Hurry now. This deal is too good to last into 2018, so you better act now!

Get counted! Take the Global Knowledge IT salary survey today.

December 8, 2017 at 10:30 am | Posted in Careers, Knowledge

Global Knowledge’s annual IT Skills and Salary Survey is one of the industry’s largest and most valuable tallies of IT salaries across industries. Now in its 11th year, the survey gathers insight on industry salaries and in-demand certifications, and attempts to identify skill gaps in the career landscape that can help you plan future career paths.

Your contribution is confidential, and participants can opt in to receive the report by email when it is released in Spring 2018.

Interested? Click here to take the survey before it closes on December 11, 2017.

The IT Detective – Tale of a data breach

November 21, 2017 at 5:03 pm | Posted in cybersecurity, Knowledge

Of all the IT detective agencies in all the towns in all the world, she walked into mine. She was blonde, beautiful, and had eyes so blue they would scorch your soul. And I knew just how much that would hurt. See, I was in love with her once. Hey, maybe I’m still in love with her. How could I not be? She knew her way around a secure IT password policy and she worked for a major credit reporting agency. Even though she was the life of the party, I knew she was all business where it counted.

One look at her and my heart started banging like a bad platter on a Seagate hard drive, but I knew I had to play it cool. “Hello, pretty lady,” I said. “What brings you to my office?”

“Hi there, handsome fella’,” she replied. “I hear you’re investigating that big data hack from September. I figured I’d come looking for you before you came looking for me.”

“A lot of people’s Personally Identifiable Information (PII) was stolen,” I said. “People were outraged. They were mad, and they want answers. They want to know why it happened, and what to do next. And I want to give them those answers.”

“Well, I don’t work for Transfaxian anymore. And I had nothing to do with that data breach,” she insisted. “I just want to help you help the people who got hurt.”

She said she had nothing to do with it, but the timing of her departure was a little too coincidental. Still, if she was willing to sing, I was willing to play backup, so I invited her to Sam’s Pub to tell her story.

When she walked into the bar, she lit that dark room up like the activity lights on an overworked Cisco router. Sam poured us some drinks, I tossed him a quarter for the jukebox, and he played our favorite song. It was time to grill this pretty lady. Did I have an axe to grind? Maybe I did. We were a nice couple for a while, but work got in the way.  I spent so much time investigating data breaches that it affected me day and night. How could it not? Who can sleep when their PII is being sold on the dark web?

I was stuck in a dark cloud and depressed.  She got tired of being ignored, and kicked me to the curb. But before the first question came out of my mouth, she flashed me a smile. You know, the smile that melts the most frozen of hearts and makes you feel at ease. The last time I smiled like that, I’d just pulled off a flawless two-day security audit.

“So,” I said. “Why were the hackers able to get the Social Security numbers, birth dates, addresses and some driver’s license numbers?”

“I just know what I read in the papers,” she said. “They knew there was an unpatched flaw with Apache Struts CVE-2017-5638, but their own security team couldn’t find the flaw to fix it.”

“So they knew!” I nearly yelled. I knew she hated black olives, zero-day attacks, and unpatched servers, and when I raised my voice, I could see tears in her eyes.

“Yes, they knew,” she whispered. “But I was just another hard-working sales person trying to make a quota.”

She was one of the best sales people ever; she once sent me a postcard from Cancun after she won a sales contest. I knew this lady could pull the wool over my eyes if I wasn’t careful.

“Did you always use two-factor authentication?” I asked carefully. “When you logged into your computer or a company website, did you have to enter a username and password plus a random 4-8 character one-time code?”

She frowned. “No, I just put in my username and password when I booted up my computer or logged on to the website. I didn’t need anything else.”

“What was your password?” I asked.

“What was yours?” she responded coldly.

“Your name plus the date we met, hashtag smiley face.”

“So, at least 10 characters with numbers and special characters?” she said. “Yes, we followed that standard.”

“Ah, but how often did you change it?”

“It was supposed to be 60 days, but I changed mine every 45 days,” she said.

Clearly, it was time for harder questions. “Did your department use email to send documents like PDFs, Word files, or Excel files as attachments to other employees? Not to customers or people on the outside?” I asked. She looked away. I could see she was stalling. “Or did you use some kind of cloud storage, like SharePoint or Google drive, and just email links to the document locations?”

“Okay, okay. We emailed attachments to other department members all the time. It’s not a crime, even if it can leave cached copies on servers outside our firewall,” she snapped. Like she was a dancer in another life, and she was dancing fast now. “We didn’t use shared storage. I guess we could have emailed the links instead of emailing the documents to other team members, but we didn’t.”

“Did anyone in your department ever get phished by a hacker?”

She looked offended. “We were smart. We had great email filters. Email from customers came to the inbox, and email from spammers went to the spam folder.”

When she talked security, it drove me crazy, and it crushed me that we were not together anymore. I reminded her, “It’s a lot easier than you think to get phished, pretty lady.”

“Well, not me. I followed the company’s rules. I always used the VPN when I was on the road or in the coffee shop. And we were pretty restricted on our laptops. We couldn’t open our personal email accounts on Gmail or Outlook or Hotmail. Oh, and we weren’t supposed to use social media on the laptops.”

“You expect me to believe that?” I pressed.

“Okay, fine. So I would sometimes check Facebook or hit an Ann Taylor sale online,” she said. If she was wearing Ann Taylor now, nobody wore it better than her.

“I just worked a big case involving some Nigerian hackers,” I explained. “They used a company’s email account to send fake invoices to customers that used routing numbers for a bank in Nigeria. The customers paid the invoice, but the Nigerians got the money. Did anybody get hit with ransomware at your company, as far as you know? Or did you hear talk about any other kinds of security issues?”

“No way. The security was tight,” she said.

“Okay, so what if someone at Transfaxian lost their corporate cell phone?”

“They did a remote wipe. You lost the phone, but the data was gone. I didn’t lose sleep over it,” she said coolly.

“Did you ever have to back up your laptop?” I said.

“No, why would I? Most of my work was saved in the corporate app. I never had a device fail on me. I like to play the odds,” she said with a devilish grin.

“Well, how often did your corporate IT department apply Windows updates to your laptop?” I asked. “Large companies typically push updates to their employees on their own schedule. The credit bureau hack was possible because your company did NOT update an Apache server. Do you remember being asked to reboot your computer during the work day on a regular basis?”

“I know I occasionally had to reboot for updates. Sure. I thought we were on top of the security fixes, but I’m really not an expert,” she said sadly. “You believe me, don’t you? It wasn’t my fault. I heard some big-shot officers traded their stock and walked away with a fortune. All I walked away with was a coffee mug and a red Swingline stapler.”

“I believe you, pretty lady. However, there are folks out there who are just trying to make it in this world, trying to see if a little sun will shine on their dreams. So what do you want me to tell those hardworking stiffs who are running scared because their PII is exposed?”

She took a deep breath. “Tell ‘em, you should keep your credit frozen for the rest of your life. Or until they come up with a new kind of credit fix. Freezing your credit will keep you as safe as possible. Right now my former company says they’ll waive any fee to place, lift, or remove a security freeze through January 31, 2018.

“Other than that, make sure to join a service that lets you monitor your credit on a regular basis. I personally use Credit Karma. You also need to know that in the next few months, cyber attackers will take advantage of this incident and launch millions of phishing emails, phone calls, or text messages trying to fool people. Oh, and tell people to read the Ouch! Security Awareness newsletter so they can learn to protect themselves,” she finished.

“That’s a nice speech, but it doesn’t address how the hackers got in,” I said. Her face turned red and that firecracker personality that I’d fallen for came to life. “So what would YOU have done, big shot?” she challenged.

“That’s a hard fix, but an easy answer,” I replied. “After all, that’s why they call me the IT Detective.”

  • Hide the version and OS identity from errors, whether you are running Apache or another server. When an attacker types a nonexistent URL on your server, the version of the server can be displayed in the error message. On an Apache server, you can turn the ServerSignature off to stop the server version from being seen during an error.
  • If your web page will accept comments from customers, validate those comments to prevent cross-site scripting (XSS) attacks.
  • Explicitly parameterize queries to prevent SQL injection attacks, so that an attacker cannot use a web form field or URL parameter to gain access to or manipulate your database.
  • And for heaven’s sake, keep your software updated on your server, including third-party software.

When the hail of bullets stopped, she waved away the smoke and said, “I was your bleeding heart. I was your crying fool, but you loved your IT detective job more than me.”

“I was in love with you once, you know,” I told her. “And I’ll always take the blame for why we split. I’m no good at being noble, but it doesn’t take much to see that the problems of two people don’t amount to a hill of beans in a crazy world where people’s PII is being stolen every day. Someday, maybe you’ll understand that.”

She tossed a $50 bill on the bar and stood up. “It’s time to move on, time to get going. What lies ahead, I have no way of knowing. But I told you what you wanted. So this is goodbye, handsome fella.”

“Goodbye, pretty lady,” I said. We hugged. I did not want to let go, but I did.

As I watched her walk away, I knew two things:

She would always have a piece of my heart, and the data breaches would continue. My job would never get any easier. When the most vulnerable piece of any network is the user, it just makes my job harder. It comes with the territory.

I ordered another drink, tossed out another quarter for the jukebox, and said, “Play that song again, Sam.”


Stay safe,

George Monsalvatge

 

Transcender webinar: Understanding Big Data

October 19, 2017 at 9:00 am | Posted in Kaplan IT Training news | Leave a comment

Big Data is gathered from nearly everyone and affects almost every aspect of modern life, from health care to hotels and from consumer trends to traffic gridlock. Vast amounts of information are now easily accessible and shared freely among companies, but the average person has little conception of their own contributions to Big Data, or how it affects them in their daily life.

Join our Oracle certification and industry expert, John Brooks, for a free 45-minute webinar on Wednesday, October 25, 2017, at 11:00 am CST. We will cover the definition, uses, and importance of Big Data in our economy, and explain its increasing significance to our society as a whole. We’ll also mention the main applications that are used in Big Data crunching and point the novice certification-seeker toward the best options in this growing career field.

To register for this FREE webinar, click here. (Your contact information will never be sold or transferred.)

Happy webinaring!

-the Transcender Team

Upgrading to the MCSA Windows 10 and announcing the retirement of Windows 7 exams

October 6, 2017 at 12:04 pm | Posted in Certification Paths, Microsoft | 2 Comments

Hi, can I still upgrade from Windows 8.1 to MCSA 10, by taking 70-697?

While researching this reader’s question, I went to the Microsoft certification site and discovered that the MCSA: Windows 8/8.1 was no longer listed anywhere on the site, including in the retired certifications list. The only desktop MCSA described is the Windows 10 MCSA.

I’m confident that the information we reported in November 2016 is no longer current, and students should look at the Microsoft site first to determine which exam to take.

I also reached out to Microsoft regarding the exams for MCSA: Windows 10. Their official response was that it was no longer possible to upgrade from the Windows 8 certification. The only way to achieve an MCSA: Windows 10 is to pass two exams, 70-697 and 70-698. Passing only one of these exams earns you the MCP (Microsoft Certified Professional), but nothing more.

The death of desktop certs

If you look at the most recent Microsoft certification paths, you’ll see that the MCSA: Windows 10 is listed as a point on the path to MCSE: Mobility.


Once you’ve earned the MCSA, taking one more “elective” exam (70-398, 70-695, or 70-696) will earn you the MCSE: Mobility credential. Current and future Microsoft certifications will be divided into the following categories that reflect Microsoft’s move away from local installation:

  • Mobility
  • Cloud
  • Productivity
  • Data
  • App Builder
  • Business

Grab your Windows 7 certification while you still can

After a long, hard run, Microsoft has finally released retirement dates for Windows 7 certifications. All of the following exams will expire on July 31, 2018:

70-680: Windows 7, Configuring
70-685: Windows 7, Enterprise Desktop Support Technician
70-686: Windows 7, Enterprise Desktop Administrator

As of this writing, each of these exams earns the MCP, but no credit toward an MCSA or MCSE.

Happy certifying!

-George Monsalvatge
