I'm not going to do this on LinkedIn, because I'm in a CISSP group on there and got very annoyed when people posted ecstatically about passing, particularly those who did it on the first try. This was not my first try, so I can say it was mostly RELIEF that I felt. Excitement, sure, but relief at first was the predominant emotion.
What's next? Well, that all depends on work, which can take you in a million directions. The CISSP is so historical it's practically archaic, but it is still meaningful, the benchmark for the common IT guy to show he's willing to study until his eyes are falling out of his head.
Onwards!
The Nasty Curve
An examination of how all things tie into security. A tech blog in non technical terms. The Earth is Nasty, Curved, and sexy, like my blog.
Wednesday, April 1, 2015
Monday, July 28, 2014
An impressive merger. Solves a lot of the open market options
http://mobile.reuters.com/article/idUSKBN0FU23320140725?irpc=932
Friday, June 27, 2014
Risk Management Framework: What lies beneath, and oh, what's this behind your ear? It's your manager's hat!
Yesterday was an important and humbling day. Sometimes you have a job interview and feel really lucky and blessed for the great opportunity that is about to fall in your lap. Whether by previous experience or self assured expertise you go in with the expectation that things are going to go so smoothly that the people you meet will be seeing a lot of you in the future; in meetings, lunches maybe even golf outings.
The IT field is different. I would like to say it's like an iceberg, but global warming has threatened that particular analogy of a constantly dripping source of cold hard data and worldwide implications.
It is not enough to know networking concepts because you've dabbled in it in your bedroom for decades. They want you to know what protocols are currently being used, and they want it deployed their way. More to the point, even if you climbed the holy mountain CISSP, they want you to understand from a MANAGER's perspective, The Risk Management Framework. You can be the best student in the world, a dedicated worker bee, a drone, a fry cook. To be a manager in an IA effort, you are in effect playing manager with a CISO who knows their system best and, though many of them are completely even keeled people who understand the necessity of the process and will do their best to speed them along, you never know when an ego might get tweaked.
The right person for the job of providing Information Assurance has to have a balance of deferential leadership between him/herself and the client, and an understanding of how to manage and map all the data and documentation coming in.
Here it is, folks, straight from OWASP. Dig right in and think like a manager. I wish there were a way to practice this; if you think of one, let me know, or hope you are able to stick with a company that will gradually carry you through the process. Perhaps the attitude of thinking like a manager and understanding the RMF above all else is the only thing that will keep you above the stacks and stacks of policies and help you connect the dots all the way home.
If you think that's dated, I'll do you one better (heck this is only for me anyway) directly from NIST
Monday, June 2, 2014
Certs renewed!!
I'm just happy the 100 something hours I spent on the job on training courses the last couple of years have been duly credited by CompTIA into renewing my A+ and Security+ ce certifications. Just thought I'd share that with y'all.
Wednesday, May 28, 2014
Syrian Electronic Army: A threat is a threat, even if it's only a demo
The SEA seems to be monitoring the RSA Conference and within minutes, hacked the home page. Read how on Krebs on Security:
Thursday, May 22, 2014
China Government bans use of Windows 8
If this is true, it seems to be a move of pure defiance and a commitment to security holes. Windows XP, as you may have heard, has reached its EOS (End of Support) date. Yet many users here and abroad continue to use it; many systems either cannot handle the upgrade or are not networked often enough to be upgraded, but they still endure bugs.
Days after the Justice Department issued its accusation of China's cybercrime activities, China responds with a foolhardy declaration to ban use of the Windows 8 OS and continue using unlicensed versions of Windows XP.
One could surmise the typical modus operandi: that China would simply bootleg Windows 8 at every opportunity, and that is still very likely. They may also simply state it is an issue of preference, which is typical in every new OS rollout. The rhetoric remains belligerent between the two superpowers over the domain of intellectual property and cyber spying.
Tuesday, May 20, 2014
Justice Department, U.S. declare the obvious.
It certainly took some consideration and a long, hard look at evidence in a report that sat for a year, but the Justice Department formally issued charges against five officers of China's People's Liberation Army for cyber-spying. Secondarily, the stolen information was used as a means to intellectual-property theft and the flow of illegal and cheap goods into the U.S.
Over a year ago, Mandiant, a cybersecurity firm based in Northern Virginia, released its APT1 report with a sense of personal outrage. Stating that this particular group from the People's Liberation Army, operating out of an innocuous-looking building in Shanghai, was directly responsible, it challenged the U.S. Government to act upon this Advanced Persistent Threat (APT).
In addition to the report, Mandiant is releasing more than 3,000 APT1 indicators to expose and degrade APT1’s infrastructure and allow organizations to bolster their defenses against APT1’s arsenal of digital weapons. The indicators released in conjunction with the report include domain names, MD5 hashes of malware and X.509 encryption certificates.
Here are the domain names and IP addresses, all routed to this location. After gaining consensus throughout the information security community, it looks like the White House is finally ready to act, and through Attorney General Eric Holder our salvo has been launched: this shall not stand.
The net reaction has been swift denial on China's part. The threat landscape will continue to be speckled with malware and perhaps bolder attacks on enterprise infrastructure. A simple spear-phishing campaign can create a backdoor into a company that has not safeguarded against it.
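The point of releasing indicators of the kind Mandiant describes (domain names, MD5 hashes, certificate fingerprints) is that a defender can match them against their own telemetry. The script below is an added example, not part of the original post or Mandiant's release: it loads a constructed, clearly fake indicator set (the `.invalid` domains and the hash of a constructed byte string are placeholders, not real APT1 indicators), then sweeps BIND-style DNS query log lines and a set of file contents for matches. Subdomains of an indicator domain are treated as hits, since command-and-control hosts are commonly rotated under a registered parent domain. The log format and client addresses are assumptions for the demonstration.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed indicator set in the style of the released indicator types.
# These are placeholders, NOT real APT1 indicators.
IOC_DOMAINS = {"update-checker.invalid", "mail.hotnews-cdn.invalid"}
IOC_MD5 = {hashlib.md5(b"constructed malware sample").hexdigest()}


@dataclass
class Hit:
    kind: str    # "domain" or "md5"
    value: str   # the indicator that matched
    source: str  # client IP or file name where it was seen


def domain_matches(qname, ioc_domains=IOC_DOMAINS):
    """Return the indicator domain that qname equals or is a subdomain of, else None.

    Trailing dots and case are normalized so 'Sync.Update-Checker.invalid.'
    still matches; 'notupdate-checker.invalid' must NOT match, hence the
    explicit '.' boundary check.
    """
    q = qname.rstrip(".").lower()
    for d in ioc_domains:
        if q == d or q.endswith("." + d):
            return d
    return None


# Constructed DNS query log lines (BIND-style query log format assumed).
DNS_LOG = """\
26-Jun-2014 10:15:01.123 client 10.0.0.5#51234: query: www.microsoft.com IN A +
26-Jun-2014 10:15:07.456 client 10.0.0.7#51877: query: sync.update-checker.invalid IN A +
26-Jun-2014 10:15:09.789 client 10.0.0.9#50001: query: mail.hotnews-cdn.invalid IN MX +
"""

QUERY_RE = re.compile(r"client (\S+)#\d+: query: (\S+) IN")


def scan_dns_log(text, ioc_domains=IOC_DOMAINS):
    """Return a Hit for every query line whose name matches an indicator domain."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; skip rather than guess
        client, qname = m.groups()
        matched = domain_matches(qname, ioc_domains)
        if matched:
            hits.append(Hit("domain", matched, client))
    return hits


def scan_files(files, ioc_md5=IOC_MD5):
    """files maps a name to its raw bytes; return a Hit per MD5 indicator match."""
    hits = []
    for name, data in files.items():
        digest = hashlib.md5(data).hexdigest()
        if digest in ioc_md5:
            hits.append(Hit("md5", digest, name))
    return hits


if __name__ == "__main__":
    # Constructed file contents: one benign, one matching the fake MD5 indicator.
    sample_files = {
        "report.doc": b"benign document",
        "setup.exe": b"constructed malware sample",
    }
    for h in scan_dns_log(DNS_LOG) + scan_files(sample_files):
        print(f"{h.kind}: {h.value} seen at {h.source}")
```

Two caveats a practitioner would add: MD5 is what the 2013 release carried, but it is collision-prone, so record SHA-256 alongside it when you build your own indicator sets; and domain indicators go stale as infrastructure is rotated, so a miss here proves nothing about absence of the adversary.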
After the DOJ’s announcement, China immediately pulled out of a bilateral cyber working group and lodged a formal protest urging the U.S. to withdraw the charges.
A more aggressive response could be on the way, experts say, perhaps in the form of new cyberattacks.
“I think we’re going to see retaliation from the patriotic hackers in China,” said Richard Bejtlich, a security strategist with the cybersecurity company FireEye and nonresident senior fellow at the Brookings Institution.
Best advice is to stay vigilant: run an active security program comprising antivirus and anti-malware, drop in some security awareness training, and read the news. Ultimately it is a war over commerce. China does not want to engage in a holy war for territory; they have enough of that. It is about economics and being #1 in world trade. The more you pay them for cheap goods, the more you undermine the United States.