I propose a new rule. I think it’s a very modest and very reasonable proposal. It has two parts.
1. No meeting can last longer than 6 hours (the length of the CISSP exam)
2. Material presented in said meetings may have no more than 250 items (the same number of questions in a CISSP exam)
I raise these points because I frequently find myself in meetings where we’re evaluating some new technology, or an old one under new standards, and it turns into CISSP-plus: an 8-hour marathon where we look at and argue about 400 things. And the first argument of the day lasts 30 minutes, naturally. The upside is that we aren’t being graded. But the downside is that we keep having these meetings.
My assignment for today is to find out if the date of eligibility for CPE (Continuing Professional Education) credits starts the date of the exam, or the date of certification.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.