You may have seen CompTIA’s recent announcement extending free membership to the CompTIA Community Information Sharing and Analysis Organization (ISAO) to all our solution provider and managed services provider members. This is an important part of our strategy to help increase the overall resilience of the IT industry and I hope that it becomes a big part of our MSP members’ strategies as well.
Since I joined the CompTIA Community, I’ve had a lot of conversations about how we can engage more with our members and what they need from us to be more successful. Joining the CompTIA Community ISAO is a great place to start. After all, the organization is built for information sharing and it takes all of us to make this work.
If you’re unfamiliar with it, your CompTIA Community member benefits now provide free membership to the CompTIA Community ISAO, which includes access to the latest threat intelligence and analysis from a trusted community of security experts and peer-to-peer networking in the Cyber Forum where you can ask questions, learn best practices, and share information.
Sharing Is Caring When It Comes to Threat Information
We realize that new members may not be sure what to share or when to share it and that is okay. Our team and the CompTIA Community ISAO leadership councils will help clearly define what we are asking members to share and how. That information will be shared shortly, but as more MSPs join the CompTIA Community ISAO with their free membership, please keep this in mind—if you think something looks suspicious, share it immediately. It might be a possible phishing email or SMS text, whatever catches your eye, submit it. If you are concerned about IP addresses or hostnames, submit it into the TruStar portal in the CompTIA ISAO platform. Otherwise, it is okay to share in the Threat Submission folder in the Cyber Forum.
If you’re reluctant to share information about a potential threat, please think about it this way, you may be at the tip of the spear, or you may have one piece of the puzzle. If everyone shares their piece, the analysts can see the whole picture. The faster we can put that puzzle together the more businesses can better protect themselves. So, everyone has a role to play even if you do not feel as if your information is valuable, it just might be the piece that brings everything else together.
Membership Is a Privilege—a Valuable One for MSPs
The decision to open up the CompTIA Community ISAO to all CompTIA Community MSP members as an added benefit is great for the industry as a whole for a few reasons. One note about membership though, the CompTIA Community ISAO is subject to release guidelines that we call traffic light protocol or TLP. For more information on TLP, please visit www.cisa.gov/tlp.
Regardless of TLP, we simply cannot allow any service provider who are members of the CompTIA Community into the ISAO from China, Russia, Iran, or North Korea. The reason may seem obvious, and we are obligated to protect the interests of the United States and all other nations from those who may seek to harm the community. This policy also helps ensure the integrity of the sharing community by creating a safe space free from potential nation state sponsored hacking groups. If you have any questions, ask me or a CompTIA Community team member, or another CompTIA Community ISAO member.
An Organization for Members, by Members
You may hear a misconception that the CompTIA Community ISAO is driven by vendor sponsors and their goals and objectives. I can assure you 100% that is not the case. The overwhelming majority of members in the ISAO are you, members of the MSP community. By the way, that’s also what our vendors want—and encourage.
To demonstrate our commitment to MSPs, we recently announced a change to the CompTIA Community ISAO executive council structure. Our executive advisory and MSP councils have been combined into an executive steering council, placing 80% of the oversight for the CompTIA Community ISAO in the community’s hands, not the vendors. The remaining 20% or less, will be for our vendor, distributor, and associate members. The subject matter expert council will still be part of the new executive steering council going forward.
Your membership allows us to continue to provide industry insights, exclusive member-only events, Technology Interest Groups, communities and councils, standards and Trustmarks, as well as business service offerings—all included with being a member. So, tell your friends and colleagues! Being a member has its privileges.
Look for more exciting changes this year. As I mentioned earlier, this is your organization. We are here to help make this community stronger, together. Please send me your feedback. Connect with me on LinkedIn, invite me to your podcasts, webinars, events. We are here to help make each and every one of you successful.
Together, we are the CompTIA Community.
Wayne R. Selk, CISSP, CDPSE, is vice president of cybersecurity programs at CompTIA and executive director of the CompTIA ISAO.
Join the Cyber Conversation!
Check out the CompTIA Community ISAO and Cybersecurity Community.