It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.
You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.
But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.
I was selling computers at retail when I heard of Gary Kildall’s death. We had a few copies of WordStar for Windows and someone asked about it. I said it was easier to remember the keyboard shortcuts in WordStar than WordPerfect.
“You sound like a CP/M guy,” said someone who overheard me. “Did you hear that Gary Kildall died last month?”
I hadn’t, and he wasn’t surprised. I was curious, so I went to the library and found a whole lot of nothing. A month or two later, I found a mention in a computer magazine column that Kildall had died in a barroom fight, but it gave no specifics.
Last week, Microsoft quietly released its convenience update pack for Windows 7, 8.1, and Server 2008 R2. This is a great opportunity to catch up on Microsoft patching, as it incorporates all of Microsoft’s OS-level updates from the release of Service Pack 1 to April 2016.
Here’s how to use this to clear your corporation’s backlog of Microsoft patches. No, I haven’t seen your corporate network, but I’ll bet you have one.
In the past, I’ve recommended Secunia PSI as a way to keep your systems up to date. I know from my own experience that it helps, but I also know it doesn’t work 100 percent of the time.
When it comes to security, nothing is more critical than making sure your updates are applying correctly. That’s where my employer comes in, with Qualys Browser Check.
From time to time I hear the question of what the advantages and disadvantages of Windows 3.0 were. Windows 3.0, released in May 1990, is generally considered the first usable version of Windows. The advice to always wait for Microsoft’s version 3, still frequently repeated today, is a direct reference to Windows 3.0.
Although Windows 3.0 is clumsy by today’s standards, in 1990 it had the right combination of everything to take the world by storm.
I spent some time exploring HP Compaq 6910p upgrades because used HP Compaq 6910p laptops are dirt cheap these days. I picked one up for $75 as an alternative to a Black Friday cheapie.
If you look for one yourself, either look for one with a valid Windows 7 or Windows 10 license on it, or get one at a deep enough discount to make it worth your while.
Here’s what I did to turn an outmoded laptop from 2008 into something better than what I could have bought on Black Friday.
Last week Apple released a bunch of patches up and down its product line. One of the vulnerabilities it fixed in OS X was in its font parser.
In the past you could mitigate vulnerabilities like this by only installing fonts from trusted sources, but since it’s now possible for web pages to transmit fonts along with other content, there’s a limitless number of untrusted fonts out there in the world.
Because it may take a while for all of the major operating systems to shake out all of the problems in their font subsystems, I’ve recommended filtering fonts at the proxy.
Last week Adobe issued an out-of-band Flash patch, and once again Brian Krebs urged people to ditch Flash, noting that he’s done so and hasn’t missed it.
We decided to try ditching Flash at work a few months ago, but it didn’t go quite so smoothly for us. I thought I’d share my experience.
Individual Computers is working on, of all things, a replacement Amiga motherboard that will fit in an Amiga 500 or Amiga 1200 case.
The board will use the AGA chipset that the Amiga 1200 used, but the board will be built using a modern process, modern materials, and as many other modern components as possible.
Last week, Symantec discovered a worm that infects routers and takes measures to make them more secure. For lack of anything else to call it, Symantec is calling it malware, and most of the security echo chamber is probably howling over this, but I think I understand why it was created.