How hard is CISSP?

CISSP difficulty is one of the most frequent questions I get once someone finds out I have it. “How hard is CISSP?” or “Could you pass CISSP again?” are two questions I get a lot.

They’re fair questions, and the answer is, it depends. But I can help you figure out the answer for yourself.

Cyber security podcasts I listen to

Yesterday, after reading a post in which I cautioned about a popular security podcast, someone asked me what cyber security podcasts I do listen to. I wrote this up a long time ago and never posted it for some reason, so now I’m correcting the oversight. Here’s my collection of the best of the best security podcasts.

These are the security podcasts I’ve been listening to for several years now and continue to recommend. Security podcasts are a good way to keep in touch with current issues, and also a good way to get continuing education.

How to become an Info Assurance Analyst

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.

The field desperately needs more of us, so I’m happy to share with you how to become someone like me.

IT jobs shortage? Slide over to security

IT jobs are getting scarce again, and I believe it. I don’t have a cure but I have a suggestion: Specialize. Specifically, specialize in security.

Why? Turnover. Turnover in my department is rampant, because other companies offer my coworkers more money, a promotion, or something tangible to come work for them. I asked our CISO point blank if he’s worried. He said unemployment in security is 0.6 percent, so this is normal. What we have to do is develop security people, because there aren’t enough of them.

I made that transition, largely by accident, so I’ll offer some advice.

A meeting secret weapon: the potato

One of the security podcasts I listen to–I’m not sure which one, but this sure sounds like Liquid Matrix–gave some advice the other week about meetings: Bring a raw potato.

With any luck, you won’t need it. But if the meeting gets out of hand, whip out the raw potato and–hopefully you washed it first–eat it. Yes, just like an apple. Supposedly the meeting ends very quickly when you do this.

I was at a meeting about backups last week where I really needed this. We’re at a stalemate. I need some disk space and the ability to connect to it via NFS or SCP. My protagonist wants to come in through MySQL. He’s not coming in through MySQL, and we’re not reverse-engineering a product that costs more than my house. My stance is that we’ll use the product precisely the way it’s designed, so that next week when we need the vendor’s support, they don’t blame whatever problem we’re having on the backups. The product has the facility to back up and restore its data through one of those two protocols, and setting it up takes less time than a single meeting.

Too bad it was a conference call, where I’m not sure it would have the same effect. But the next time I get a meeting request about this when what I need is a destination IP address, account credentials, and a protocol, I’m bringing a potato.