Is CISSP worth it?

Once people finish asking me how hard CISSP is, they often follow up with another question: Is CISSP worth it? As long as you have something to back it up with, I think the answer is a resounding yes.

Read more

CISSP continuing education

Besides work experience, I probably get more questions about CISSP continuing education than anything else CISSP-related. Fortunately, keeping your CISSP can be a lot cheaper and easier than getting it in the first place was.

CISSP continuing education is measured in CPEs. You get one CPE per hour of “study.” Study is a pretty loose term. If you’re learning about security, you can probably find a way to make it count. You need to get 40 CPEs per year.

Read more

Taking back the drive time

Several months ago, I started listening to security podcasts in the car during my commute. I probably have my annual CPE requirement tripled by now–I’ll go submit my 30 in a week or two, and I don’t see much point in tracking it beyond that–but, more importantly, I’ve increased my professional awareness. Read more

CPE opportunity: Exploding the Phone

This week Cnet interviewed Phil Lapsley, the author of Exploding the Phone, a book about the early history of phone phreaking.

Phone phreaking is absolutely fair game for the CISSP exam. I couldn’t tell you anymore how many phone phreaking questions I had to answer, but let me just say I’m glad I’d read those pages in the CBK about phone phreaking.

Read more

Time to make a new rule for work

I propose a new rule. I think it’s a very modest and very reasonable proposal. It has two parts.

1. No meeting can last longer than 6 hours (the length of the CISSP exam)

2. Material presented in said meetings may have no more than 250 items (the same number of questions in a CISSP exam)

Read more