cissp Archives

Home » cissp

How easily can someone hack my home computer and steal personal information?

Dave Farquhar security March 11, 2017antivirus, CIA, cissp, command prompt, computer security, leaks

On Monday, March 13 at approximately 10:30 AM CST, I will be appearing on KFUO Radio’s Faith and Family program to discuss home computer security with host Andy Bates. Here’s the scariest question he’s planning to ask: How easily can someone hack my home computer and steal personal information?

Someone asked me that question at work once, except it was about a work computer. I whipped out a copy of a book about Metasploit, flipped to page 137, and started reading. My point was that I could teach this guy how. He didn’t take it well, so I don’t recommend doing that.

My point that I could teach this guy how to do it still stands, though. And I think I could teach Andy how too.

Dave Farquhar

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.

dfarq.homeip.net

Can I use a CISSP book to study for SSCP?

Dave Farquhar security November 27, 2016August 1, 2017cissp, malicious code, SSCP

Can I use a CISSP book to study for SSCP? That’s a good question, and a good idea, but I don’t recommend it anymore.

Dave Farquhar

dfarq.homeip.net

Is CISSP worth it?

Dave Farquhar security October 24, 2016April 22, 2017cissp, CPE, LinkedIn

Once people finish asking me how hard CISSP is, they often follow up with another question: Is CISSP worth it? As long as you have something to back it up with, I think the answer is a resounding yes.

Dave Farquhar

dfarq.homeip.net

How hard is CISSP?

Dave Farquhar security October 18, 2016October 16, 2016cissp, Liquid Matrix, vulnerability

CISSP difficulty is one of the most frequent questions I get once someone finds out I have it. “How hard is CISSP?” or “Could you pass CISSP again?” are two questions I get a lot.

They’re fair questions, and the answer is, it depends. But I can help you figure out the answer for yourself.

Dave Farquhar

dfarq.homeip.net

CISSP continuing education

Dave Farquhar security October 12, 2016November 24, 2018cissp, CPE, isc, podcast

Besides work experience, I probably get more questions about CISSP continuing education than anything else CISSP-related. Fortunately, keeping your CISSP can be a lot cheaper and easier than getting it in the first place was.

CISSP continuing education is measured in CPEs. You get one CPE per hour of “study.” Study is a pretty loose term. If you’re learning about security, you can probably find a way to make it count. You need to get 40 CPEs per year.

Dave Farquhar

dfarq.homeip.net

Security+ vs CISSP

Dave Farquhar security September 27, 2016October 10, 2017buffer overflow, certifications, cissp, cissp exam

Someone asked me to compare Security+ vs CISSP, particularly the difficulty. I’m glad to oblige. I have both certifications.

Let’s start by looking at a couple of hypothetical questions. Don’t expect to see either of these on the test; I’m making them up as I go. But don’t be surprised if you see something similar.

Dave Farquhar

dfarq.homeip.net

How a dictionary attack works

Dave Farquhar security September 19, 2016July 15, 2018cissp, cissp exam, NSA, passwords

A dictionary attack is a common way to steal a password. Here’s how a dictionary attack works, in layperson’s terms. More importantly, here’s how to beat the attack.

A dictionary attack is a much more efficient alternative to brute force hacking, but it requires a local copy of the user database to work. That usually means stealing the database first, if a bad guy is doing it. But nothing stops a company from doing a dictionary attack on its own user accounts to make sure people aren’t using insecure passwords. It’s unusual, but not unheard of.

Dave Farquhar

dfarq.homeip.net

SSCP vs CISSP

Dave Farquhar security June 30, 2016August 11, 2018certifications, cissp, cissp exam, isc, SSCP

SSCP and CISSP are both (ISC)² certifications. I get a lot of questions about the two of them, especially about SSCP, as CISSP overshadows it. So let’s look at SSCP vs CISSP.

CISSP definitely pays better, but that’s not to say SSCP doesn’t have merit.

Dave Farquhar

dfarq.homeip.net

Do I have enough CISSP work experience?

Dave Farquhar security June 15, 2016October 8, 2016antivirus, CERT, cissp, firewall, passwords, vulnerability

It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.

You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.

But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.

Dave Farquhar

dfarq.homeip.net

Job hunting on your own vs. using a recruiter

Dave Farquhar Careers April 28, 2016March 26, 2024cissp, DBA, LinkedIn, SQL

A former coworker contacted me last week. He’d been employed in the same place for the last 16 or 17 years and he couldn’t remember how to look for a job. Who better to ask than a guy who’s changed jobs 9 times in the same timeframe? One obvious question to ask regards job hunting on your own vs. using a recruiter.

In fairness to myself, government contracting causes a lot of job-hopping. And in fairness to him, the game’s changed a lot since the last time he had to play. IT Recruiters existed back then, but back then when you wanted a new job, you found it yourself.

I still use both methods.

Dave Farquhar

dfarq.homeip.net

← Previous