You may have seen CompTIA’s recent announcement extending free membership to the CompTIA ISAO to all our solution provider and managed services provider members. This is an important part of our strategy to help increase the overall resilience of the IT industry and I hope that it becomes a big part of our MSP members’ strategies as well.
It’s been a little over a month since I joined CompTIA (and thanks to MJ Shoer, the entire team at CompTIA, and our members for welcoming me so warmly), and in that time I’ve had a lot of conversations about how we can engage more with our members and what they need from us to be more successful. Joining the CompTIA ISAO is a great place to start. After all, the organization is built for information sharing and it takes all of us to make this work.
If you’re unfamiliar with it, your CompTIA member benefits now provide free membership to the CompTIA ISAO, or Information Sharing and Analysis Organization, which includes access to the latest threat intelligence and analysis from a trusted community of security experts and peer-to-peer networking in the Cyber Forum where you can ask questions, learn best practices, and share information.
Sharing Is Caring When It Comes to Threat Information
We realize that new members may not be sure what to share or when to share it and that is okay. Our team and the CompTIA ISAO leadership councils will help clearly define what we are asking members to share and how. That information will be shared shortly, but as more MSPs join the CompTIA ISAO with their free membership, please keep this in mind—if you think something looks suspicious, share it immediately. It might be a possible phishing email or SMS text, whatever catches your eye, submit it. If you are concerned about IP addresses or hostnames, submit it into the TruStar portal in the CompTIA ISAO platform. Otherwise, it is okay to share in the Threat Submission folder in the CompTIA ISAO Cyber Forum.
If you’re reluctant to share information about a potential threat, please think about it this way, you may be at the tip of the spear, or you may have one piece of the puzzle. If everyone shares their piece, the analysts can see the whole picture. The faster we can put that puzzle together the more businesses can better protect themselves. So, everyone has a role to play even if you do not feel as if your information is valuable, it just might be the piece that brings everything else together.
Membership Is a Privilege—a Valuable One for MSPs
CompTIA’s decision to open up the ISAO membership to all CompTIA MSP members as an added benefit is great for the industry as a whole for a few reasons. One note about membership though, the CompTIA ISAO is subject to release guidelines that we call traffic light protocol or TLP. For more information on TLP, please visit www.cisa.gov/tlp.
Regardless of TLP, we simply cannot allow any service provider who are members of CompTIA into the ISAO from China, Russia, Iran, or North Korea. The reason may seem obvious, and we are obligated to protect the interests of the United States and all other nations from those who may seek to harm the community. This policy also helps ensure the integrity of the sharing community by creating a safe space free from potential nation state sponsored hacking groups. If you have any questions, ask me or a CompTIA team member, or another CompTIA ISAO member.
An Organization for Members, by Members
Since joining CompTIA, I’ve heard a misconception that the CompTIA ISAO is driven by vendor sponsors and their goals and objectives. I can assure you that 100% is not the case. The overwhelming majority of members in the ISAO are you, members of the MSP community. By the way, that’s also what our vendors want—and encourage.
To demonstrate our commitment to MSPs, we recently announced a change to the CompTIA ISAO executive council structure. Our executive advisory and MSP councils have been combined into an executive steering council, placing 80% of the oversight for the CompTIA ISAO in the community’s hands, not the vendors. The remaining 20% or less, will be for our vendor, distributor, and associate members. The subject matter expert council will still be part of the new executive steering council going forward.
Your membership allows us to continue to provide industry insights, exclusive member-only events, Technology Interest Groups, communities and councils, standards and Trustmarks, as well as business service offerings—all included with being a member. So, tell your friends and colleagues! Being a member has its privileges.
Look for more exciting changes, especially around cybersecurity coming this year. The team and I are working through a list of items provided to us from the recent Communities & Councils Forum in Chicago. There was a lot of feedback given in multiple areas, so we are not short of things to accomplish. That does not mean you should hold back. As I mentioned earlier, this is your organization. We are here to help make this community stronger, together. Please send me your feedback. Connect with me on LinkedIn, invite me to your podcasts, webinars, events. We are here to help make each and every one of you successful.
Wayne R. Selk, CISSP, CDPSE, is vice president of cybersecurity programs at CompTIA and executive director of the CompTIA ISAO.