SSCP and CISSP are both (ISC)² certifications. I get a lot of questions about the two of them, especially about SSCP, as CISSP overshadows it.
CISSP definitely pays better, but that’s not to say SSCP doesn’t have merit.
Continue reading SSCP vs CISSP
Insurance companies are starting to offer discounts if you plug one of their devices, often called a RightTrack or SnapShot, into your car’s OBD2 port.
One of my college buddies asked me about them when his insurance company offered his family a 5% discount to plug these into their cars, which would then make them eligible for up to another 25%. Those are compelling numbers. So what are the potential drawbacks?
Continue reading Pros and cons of RightTrack or SnapShot devices
It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.
You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.
But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.
Continue reading Do I have enough CISSP work experience?
Last Tuesday night my oldest son came into the room and told me he thought one of our computers was being hacked. So I kicked into incident response mode and walked into the other room to be greeted with a computer loudly telling me that Microsoft Security Essentials was unable to clean a virus and to immediately call Microsoft.
Instead I immediately shut down the computer. Here’s why.
Continue reading Microsoft Security Essentials alerts – don’t call “Microsoft”
A week or two ago, a stranger approached me with some advice about securing routers: move SSH off port 22.
Since arguing with strangers is what the Internet was apparently invented for, I’ll argue against the benefits of moving SSH off port 22.
Continue reading Moving SSH off port 22 doesn’t do much for security
A chance conversation with a Qualys customer a few weeks ago veered off topic really fast, but it led to another conversation, which caught a manager’s attention and led to my first blog post for them.
Continue reading My first blog post for Qualys
In the past, I’ve recommended Secunia PSI as a way to keep your systems up to date. I know from my own experience that it helps, but I also know it doesn’t work 100 percent of the time.
When it comes to security, nothing is more critical than making sure your updates are applying correctly. That’s where my employer comes in, with Qualys Browser Check.
Continue reading Double-check your security with Qualys Browser Check
I met with a client earlier this week who asked me to go over their vulnerability scans for a bit of a sanity check. He asked some important questions, but one in particular seems worth sharing. What can we do with Java? Can we solve the Java problem?
Continue reading Solve the Java problem