Do I have enough CISSP work experience?

It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.

You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.

But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.


Spot phishing e-mails with Outlook 2010

I got e-mail the other day from TurboTax saying someone had filed my taxes for me. Obviously a cause for concern, right? Here’s how I determined the message was fake in about three minutes.

Some people will tell you not to even open a message like this, but if you’re a computer professional, at some point someone is going to want you to prove the message was fake. I think this is something every e-mail administrator, desktop support professional, security professional, and frankly, every helpdesk professional ought to be able to do.

So here’s how you can get the proof. And generally speaking, Outlook 2010’s default configuration is paranoid enough that this procedure will be safe to do. If you want an extra layer of protection, make sure you have EMET installed and protecting Outlook.


Flash vs Shockwave

Bad things happen when security pros like me start asking our infrastructure brethren to patch Flash. We get better security, but the Flash upgrade fails enough of the time to cause extra workload, and it can be confusing. One of the problems is the question of Flash vs Shockwave.

Consequently, I see more Flash-related helpdesk tickets than I ever saw, even when I was doing desktop support long ago. Adobe doesn’t make it any easier by calling the plugin “Shockwave Flash.”


Happy 20th birthday to Windows 95

It was on August 24, 1995 that Windows 95 was released, amidst much anticipation. It was the most widely anticipated Windows release of all time, and the runner-up really isn’t close. The idea of people lining up for blocks for a Microsoft product sounds like a bit of a joke today, but in 1995 it happened.

I received a free copy of it because I worked at Best Buy in the summer of 1995 and I aced Microsoft’s test that demonstrated sufficient aptitude to sell it. A few weeks later I landed my first desktop support gig, ending my career in a blue shirt, which means I probably never actually talked anyone into buying a copy of it.

I got plenty of Win95 experience over the next couple of years though.


What it was like owning a Commodore in the 1980s

Since questions occasionally come up, and I remember well what it was like owning a Commodore in the 1980s in the United States, I’ll share my recollections of it.

It was very different from computing today. It was still interesting, but it was different.


Chasing dreams

Lifehacker says to follow your skills rather than chasing your dreams.

There’s something to this. Two years ago I had a job writing security documentation. The CISO where I work now didn’t want to hire me because he was sure I already had my dream job and I’d just go back. On paper, it should have been my dream job, but I was beyond miserable. I was writing and editing for an audience of three people, and the environment was toxic. I woke up literally every morning thinking, “I didn’t study all day every day for three months to pass a 250-question 6-hour test to do this.”

Today I manage Windows patches. On paper it’s the most boring job in the world. But I’m happier than I’ve ever been. I’m up for the mandatory midyear review, and though I’ve only been at the job for four months, I have to provide a six-month review. I can’t fit my four months of accomplishments on a single sheet of paper. I wake up every morning ready to seize the day and accomplish something.

The 11 Neff Hall chop shop

I saw an IBM PS/2 Model 55SX at an estate sale this past weekend. It took me back to my first non-food service, non-retail job, doing desktop support at Mizzou.

Well, as a precursor to doing desktop support, they tried me out just building and tearing down machines. I worked out of Room 11, which was at the time a dingy, dark, musty place. But the pay was good and it meant I got to spend my time between classes taking computers apart all day, and that was nice.

My first assignment was to build IBM PC 330 and PC 350 computers to sit on professors’ desks. These were 50 MHz 486DX2s. They were a bit outmoded by then, but they were a lot better than what they were replacing, which was, in most cases, a PS/2 Model 55SX, which was a 386SX running at either 16 or 25 MHz. My second assignment was to disassemble those Model 55SXs, reverting them back to their factory configuration, and sort out all of the add-ins so we could use them to upgrade other machines, and then, sell whatever was left as surplus.

Go to college, but don’t go broke doing it

I saw in this morning’s Post-Dispatch that 25% of student borrowers can’t repay their debts.

I understand why, but it’s preventable. Jim Gallagher’s column has some good advice. I’ll add some more, having recently spent a little time on my old stomping grounds at Mizzou.

“Why do we have a server named ‘Vicious?’”

My first non-food service, non-retail job was working desktop support for my college, the University of Missouri-Columbia. They were doing a massive computer upgrade and needed some part-time help. When they realized they’d found a journalism student who knew PC hardware and already knew OS/2, they cut the interview short and showed me around. I started work the next day.

My job was, initially, to unbox a few hundred IBM PC 330s and 350s, install network cards and memory, then install OS/2 on them. We had room for me to set up about 10 of them at a time, on long folding tables on opposite sides of a long room. It was lonely work at times, but I got to work with computers, and they were paying me $8 an hour. I liked it better than retail.

After a few days I had enough time to watch the boot process. OS/2 had a facility called Configuration, Installation and Distribution (CID), similar to Microsoft’s unattended installation that appeared in later versions of Windows NT, that automated much of the process. An administrator configured machines in advance, and then when build time came, I booted off a floppy, entered a computer name, and the process pulled down what it needed from the network. After 30 minutes or so, we had a functional machine. CID probably saved a couple of hours of repetitive work. On this particular day, after I got nine machines going, I watched the 10th go through its CID process. I noticed the machine kept addressing a server named \\VICIOUS.
