Friday, May 17, 2019

CASP - Advanced Security Practitioner V. 002

Online Course Review Series

uCertify CompTIA  CASP - Advanced Security Practitioner
                                          V. 002 (Course & Lab) 
On-Line Course Evaluation        
Course Evaluator: Virginia Benedict, TechMarket Editor™
The Vendor-Neutral CompTIA Certified Advance Security Practitioner CASP Certification   was developed in order to satisfy the demand for a more in-depth hands-on, less theoretical, technical knowledge needed by Cyber Security Professionals.
 The CASP Certification is in compliance with the ISO 17024 Standard through the accreditation of the American National Standards Institute (ANSI).  ISO is an International Organization for Standardization and is a non-governmental entity established in 1947 and based in Geneva, Switzerland. 
The exam objectives of the CASP Certification undergoes regular reviews and updates as the industry demands.  Therefore, continuing education is required in order to maintain the certification active. 
 It is said that a CASP Certification opens the portals for a successful career in Cyber Security or Information Security.  It facilitates the IT technical professional advanced expertise in risk management, enterprise security, research & analysis, and the expert integration of systems.  It is a performance-based certification for Practitioners as opposed to Managers.
Today more than ever the need for well-trained honest Systems Security practitioners has become dire and this certification empowers businesses worldwide with skilled personnel.

uCertify offers both classroom instructor-led, as well as, self-paced online courses  and both are interactive:

While there are advantages to an instructor-led classroom scenario, there is much to be said for the self-paced online courses.

Whichever way you wish to follow the course the system keeps track of your learning progress.


The interactive visuals help with the retention of the material presented.

There are no requirements for the CASP Certification,  However, CompTIA recommends 10 years of experience wich includes 5+ years in a hands-on security role. 

For more Inforamtion:

If you have any questions, please feel free to post them here.

Monday, April 22, 2019

Why uCertify...

Online Course Review Series

uCertify CompTIA A+ On-Line Course Evaluation        

Course Evaluator: Virginia Benedict, TechMarket Editor

Comprehensive Computer Technician 

CompTIA A+ 220-1001/1002 Course & Lab               

The benefits of following an online course are great simply because as in the uCertify online courses, the student can design his/her own learning path. Regardless of your learning style, 

uCertify presents you with a Dashboard from whence you can design your personal learning path.  Especially since CompTIA highly recommends that the student have at least one year work experience in the IT support arena before attempting to get certified.  Hence with this previous experience uCertify makes it easy to create your own path.    

Tap  image to view larger

However, when it comes to learning how to architect, design, implement, troubleshoot, or support systems’ hardware, software, and peripherals from end to end nothing beats hands on learning.                                                                                                                        
While uCertify courses relatively mimic hands-on with sophisticated and easy to follow labs, I nevertheless recommend forming a study group, perhaps even building a physical lab and use uCertify CompTIA A+ 220-1001/1002 Course & Lab to follow along the learning process. That is, physically building your own computers and servers or taking apart one and putting it back together as well as networking them. Physically programming a network and handling and working with system boards, cables, connectors, adapters, etc. helps you retain the knowledge.  

Whether as a study team you decide to invest in a physical lab or not; I still recommend a study group because in an IT environment you never work alone.  It is a team effort of various tiers. Creating a team will, by default teach you how to create and maintain a productive team culture. With the uCertify CompTIA A+ 220-1001/1002 Course & Lab, you and your team will be able to play-act scenarios such as “A difficult or dissatisfy client”, “Interview a user who is having issues with his/her computer or the network in preparation for troubleshooting the issues reported by the user” …and so forth.

And lastly but most importantly uCertify provides access to instructors and technical support.

Learn More:

Saturday, January 25, 2014

Book Review: Software Engineering Architecture-Driven Software Development

Book Title/Product

Software Engineering
Software Development

Author: Richard F. Schmidt                             
Publisher: O’Reilly Media, Inc. | Elsevier
Reviewer/Blogger: Virginia Benedict

Target Audience

Project Managers, Stakeholders, Technical teams, Security Engineers, Students, and anyone interested in how software products are built.


Keen desire to properly learn about software development methodologies and best practices.


The work is comprised of three (3) Sections and 20 Chapters, a short Note from the Author, Contents, a Preface, and a well-defined Index comprising a total of Foot Noted 376 pages. The Foot Notes include references to additional reading.

The author does not include a much-needed dedicated Glossary if the work is to embrace a wide audience of professionals and most importantly the beginner student, even though he does provide an integrated version within the Index.

Illustrations and Figures

The topics and concepts are well illustrated

Companion Content

No readily available companion content

Reviewer | Blogger Comments

Review Title

Engineering for Success… Beating the 30% Odds

This manuscript is comprehensive, detailed, well organized, and easy to follow and is an important contribution to the software manufacturing industry.

The content is organized around three major topics following the SWEBoK Key Process Areas methods as depicted in Table 2 presented in the Preface:

SWEBoK Key Process Areas 
  • Fundamentals
  • Practices
  • Application
Knowledge areas such as:
  • Requirements
  • Design
  • Construction
  • Testing
  • Configuration
  • Management
  • Process
  • Methods
  • Quality
Each Knowledge area is treated within respective Sections in various chapters. e.g., Design is addressed in Section 1, Chapters 3, 6 and Section 2 Chapters 10… 14 etc.

Richard Schmidt addresses the topic of Security thoroughly all throughout the book beginning with SECTION 2 SOFTWARE ENGINEERING PRACTICES but to my surprise, not as a knowledge area given the current insurmountably persistent data breach and violation of privacy events due to poorly written software, among other culprits.  I was expecting Schmidt to stress Security in SECTION 1 SOFTWARE ENGINEERING FUNDAMENTALS.

Schmidt attributes the lack of success in software engineering to the ”almost complete misconception of what a software product design is and how to develop a complete design description. The second symptom involves the lack of a standard set of software engineering principles and practices”

I attribute the primary culprit to be the human condition and its lack of self-discipline then misconceptions and lack of standards. 

An important and complex subject matter such as the concepts, methodologies, and standards of software engineering discipline and requirements needs to be addressed from many perspectives.  Especially in a contemporary scenario where Engineering Teams are comprised of members from all walks of life, academic backgrounds, and gene pools.  This means that their natural linguistics ideology can widely differ and this impacts how the product is engineered.  i.e., look and feel, functions and features, how security is implemented in the product, etc. all are dependent on the innate cultural and social ideologies of the code writers, engineers, designers, and architects in this order or precedence.    

Therefore, the importance of works of this genres are imperative and how this complex discipline is treated when it is presented as a learning tool needs to be presented from many perspectives as does our author.

It is important to note that while the work is well organized and elegantly presented, the Contents guide in the eBook is not hyperlinked to the destination chapters. However, the author does present an introduction to each Section and a Chapter outline and introduction in the beginning of each chapter.  While I very much found useful the fact that he enumerated key concepts in the beginning of each chapter, it was distracting to me not to be able to navigate the eBook expediently through a hyperlinked Contents/Topics guide.  I had to resort to scrolling through and/or perform queries in order to review a chapter or segment within chapters.

Nevertheless, I did find useful that in his Preface he instantiated hyperlinks to tables within the preface.  I recommend the reader to pay close attention to this preface since in it Richard Schmidt presents an architectural synopsis of the work, aligned with the Software Engineering Body of Knowledge (SWEBoK) in the form of tables.  In addition, he presents a summary of the Sections and the corresponding chapters.

About the Author



If you have read this manuscript and have some opinion, comments, or praise about this work, please let me know.  Your quotes will be published with full billing

Comments | Opinions | Corrections | Quotes… Welcome

Wednesday, January 8, 2014

Book Reviews | Software Requirements Third Edition

Software Requirements

                                                            Third Edition

Authors:  Karl Wiegers | Joy Beatty
Publisher: Microsoft Press | O’Reilly Media, Inc. 
Reviewer | Blogger: Virginia Benedict

Target Audience

Business Analyst | Requirements Engineers | Software Architects | 
Developers | Project Managers | Stake Holders | Anyone who is interested in achieving greater business success with the help of automation


Anyone with a keen interest in architecting an adaptive and progressive business.

Book Structure

Introduction | 32 Chapters | A well-defined Glossary | 3 Appendices | References | 637 Pages

This structure is highly comprehensive and enticing for beginners and experienced professionals alike.  I can see that both Karl Wieggers and Joy Beatty have an in depth command of the subject matter thus could presented from top to bottom, edge to center and vice verse.  

Illustrations and Figures

In addition, to outstanding illustrations, the authors provide supporting use cases and case studies

 Companion Content

 Templates | Check Lists | Spreadsheets | Other Job Aids

Reviewer | Blogger Comments

As technological advances continue to evolve, so does the need for software development methodologies.  Likewise, as re-architected socio-economic strategies emerge, the need for adaptive business models and analytic methodologies must follow suit.

If you have read the prior two editions of "Software Requirements" and have found them to expand your subject matter knowledge base, you will want to incorporate this expanded third edition into your reference library.  I recommend reading this work individually then reviewing and discussing each chapter as a team prior to commencing any software development project.  I personally recommend centering all team discussions from a security and compliance stance.

The third edition is informative and because they build powerful illustrated instructional arguments, the authors make it easy to understand and retain the concepts and methodologies presented.  Additionally, I like their conversational literary style.  I feel as is the authors are addressing me personally.

The text is well indexed and I particularly like how the authors reference associated concepts and definitions between chapters.

About the Authors

Karl Wiegers - @karlwiegers
Karl Wiegers is a software consultant, trainer, and an award-winning author of eight books and a repertoire of articles.  He has provided training and consulting services worldwide on many aspects of software development, management, and process improvement.

Joy Beatty - @joybeatty
Joy Beatty has co-authored important works that address the realm of business analysis and agile software requirements.  As a subject matter expert Beatty has guided major organizations in the building of business analysis centers of excellence. 

Beatty has worked with numerous Fortune 500 companies spanning the semi-conductor, computer manufacturing, defense, and retail industries. She is responsible for developing new service offerings that change the way their customers create requirements. She has also adapted ideas from using games in training to create courses on topics including requirements best practices, elicitation and visual models and delivered training to over 700 individuals in industry.    

Sunday, June 23, 2013

Book Reviews: METASPLOIT The Penetration Tester’s Guide


          The Penetration Tester’s Guide                                  

Authors: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni        
Publisher: O’Reilly Media, Inc.
Reviewer/Blogger: Virginia Benedict

Target Audience:  This Guide offers a wealth of information to both the novice as Tutorial and the experienced as Reference.  For starters, the Novice will learn relevant steps on how to get started; and the Experienced with benefit from the discussions on Methodology. Program Managers and Stake Holders will benefit from a managers perspective
Pre-requisites:  Desire to lean, Integrity, Methodical, Analytical, Programming & Scripting languages recommended but not required
Overview: This Metasploit guide will help the Pen Tester get started; or take him/her to the next level 
Related Standards:  Pen Testing Standards are loosely followed due to the nature of the investigative process and intelligent garthering. 
Related Commercial Products:  Metasploit Express Edition || Metasploit Pro Edition
Related Basic Products:  Metasploit Framework Edition || Metasploit Community Edition
Chapters:  Seventeen Chapters extensively indexed and a Cheat Sheet referencing important commands with syntax commonly used within Metasploit’s various interfaces and utilities. 
A guide such as this is best produced by an extensive collaborative effort of experienced professionals.  It is especially valuable when the related community of information security experienced professionals has had direct or indirect input into the final product, as with this outstanding effort.
Once the authors have taken the reader through the absolute basics of Penetration Testing, then they introduce the basics of Metasploit, arming the novice with the necessary knowledgebase to move into the intelligence gathering processes while teaching you the various commands and tools.
I found their discussion on the risks and responsibilities of the Tester very poignant. 
I recommend that since the Metasploit Framework is large and complex requiring an array of innate and learned skill sets that the novice reader first study the organizational framework of this guide.  In other words, become familiar with the flow of the work by creating an inventory of the various learning points. 

As with any learning process, I always recommend that the “student” begin by fully understanding their learning style(s).  Be aware that you, as many of us do, may have different learning styles and combinations thereof for different learning requirements.  As a reader in this case, you might have a couple of learning styles, which you might apply in perspective. By studying the method(s) used by the authors hereby to present the information and processes, you will gain the ability to understand and retain the knowledge presented. 

About the Authors

Mati AharoniMati (muts) is a network security professional, currently working with various Military and Government agencies. His day-to-day work involves vulnerability research, exploit development and whitebox / blackbox Penetration Testing. In addition, he is the lead trainer in the “Offensive Security” courses, which focuses on attacker tools and methodologies. Mati has been training security and hacking courses for over 14 years and is actively involved in the security arena, and is the core developer of Kali Linux.

Devon kearns (dookie2000ca) is a former Communications Technician and IS Security Analyst with over 15 years of formal IT experience but his true passion lies in the field of information security, most notably in the realm of software exploitation and bug hunting. This fascination with vulnerabilities has led Devon to being the lead administrator of the Exploit Database, a co-author of the free online Metasploit Unleashed training course, and a Kali Linux developer.

Jim O'GormanJim (Elwood) is a professional penetration tester, an instructor at Offensive Security, and manages Offensive Security’s consulting services. Jim has lived online from the times of BBS’s, to FidoNet, to when SLIP connections were the new hotness. Jim spends time on both network intrusion simulation as well as digital investigations and malware analysis. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

David Kennedy
 is Chief Information Security Officer at Diebold Incorporatedand creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit Database development team and is a core member of the Social-Engineer podcast and framework.Kennedy has presented at a number of security conferences including Black Hat, Defcon, ShmooCon, Security B-Sides, and more. - Your tech ebook super store

Friday, February 22, 2013

Forensic Science Processes & Technologies

Please Note that this is Work-in-Progress

Open for Comments and Questions










To Join this G+ Community send me a request.
Please make sure that your profile is professionally
fully developed and that you are who you say you are.

Tuesday, December 11, 2012

Seamless Unified Collaboration

Seamless Unified Collaboration with Office 365/SharePoint

Whether you wish to implement intranets, extranets, or public collaborative platforms Office 365/SharePoint is undoubtedly the suite of tools of choice.  It is elegantly engineer for ease of use, intuitive learning curve for both IT and users alike; especially since all of the familiar features and functionalities of Windows and MS Office are brought forward with enhancements.

It is a comprehensive highly secured unified communications tool for online, offline, internal, federated team management, and/or customers’ social outreach.  Microsoft Office 365/SharePoint is essentially a turnkey highly customizable platform for Audio/Video/Web Conferencing, VoIP (Voice-over-IP) and VoI (Voice-over-Internet) using Lync 2010 or 2013.

On the back end, it offers Data Center Network Capacity, File Storage, Full Server Support, Award Winning Service Help Desk and World Class Training and Demos Microsoft’s standard of quality.
The most important concern of all is fully addressed by Microsoft’s State-of-the-Art Security, Back-up, and Recovery Technology ensuring privacy and data reliability, integrity, and  high availability.  With Single-Sign-On (SSO) the user has seamless authentication and ready access with the appropriate rights management.
Integrated with Microsoft SharePoint, you can sync your teams for easy collaboration using Office Outlook to manage schedules, contacts, and mail.   You seamlessly customize a dedicated intranet Team Site to publish/archive documents, calendar of events, create exchange through collaborative comradely and much more.

The Team sites as well as the public website can be designed/customized with SharePoint Designer. This outstanding tool is installed locally on the desktop or mobile workstation for taking advantage of powerful features.   


Fig. 1 -  This is the Dash Board (Control Panel) of the Account Owner/Administrator (AO/A).  To familiarize yourself with the powerful tools integrated into the Office 365 with SharePoint I recommend that the AO/Admin open a VISIO stencil and begin to create the first layer of your project using the features and functionalities that you are planning to deploy.  I would include start and completion projected dates.


Fig. 2 -  It is important that you use layers so that each Specialist and/or team responsible for integrating the chosen services can easily follow the desired design and configuration standards.

Figs. 3 - 4 -   Using the items on the Setup Overview, the AO/A can begin to create a custom plan for the roll out.  Using the Custom Plan Pilot guide you can track it using MS Project integrated with VISIO interactive visuals


Figs. 5-6 - Each Task can be represented in VISIO as a layer detailing the steps to be taken and linking them to MS Project.





Fig. 7 -  As you can see, you have everything readily available including outstanding self-help support with dynamic context specific streaming demos, award winning community assistance and/or options to hire a Microsoft Certified Specialist.



Users' Dashboard

Fig. 8 -  This is your licensed users’ dashboard.  If you notice, on the right the user will find all of the readily available Self-Help Resources as well as Community Resources and Blogs.


Each department can deploy Departmental level Team Sites, and each Project/Program Manager can customize their own projects team sites.   

Fig. 9 -  This is using the default layout that is readily customizable

Fig. 10 -  …and with a couple of clicks and drag-and-drops, I turned it into this.

Your Team Sites can be edited with SharePoint Designer which helps you to seamlessly to create or edit lists, pages, workflows, and adjust settings.

You may also edit Team Site on the fly using WYSIWYG and drag/drop
Full integration with Office Project, Visio, Access, and the complete Office 2010 suite of applications and tools.   This is ultimately important because this makes managing your teams a seamless affair through live and passive interactive collaboration.



This is the optional vanity domain public site.  The integration of a public domain is seamless and painless whether you have an existing domain or you need to purchase a new domain Office 365/SharePoint carries you through the steps using easy to follow wizards or with phone support.



Fig.  11 -  Sample Enterprise Domain simply using the WYSIWYG available web parts.  Not one single line of code was written.

Please Note:  This is a high-level overview just to present a quick and dirty sampling of what Office 365/SharePoint Online Services has to offer to any size business; from Enterprise to Medium Businesses or SOHO Entrepreneurs.

Click the images to view them in the LightBox

If you have any questions or constructive feedback, feel free to contact me.

~ Virginia Benedict
Technologies Analyst (cir 1989)
IT Systems & Network Security/Computer Forensics (cir 2000)
Professional Social Media Managing Curator (cir 1992)
Market Engineering Strategist (cir 1984)

914-923-2103 (by Appt)