Quote of the Weak – Clean Data Manually

If you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually.

Let me share a recent experience with you….

A young IT auditor texted me at work and asked for some Active Directory user account data that I capture automatically every week, using some scheduled ACL scripts.

If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here.

Continue reading →

No Sense using Win10 Wifi Sense

Windows 10 has a new feature called Wifi Sense that allows you to share wifi network access with others without sharing the wifi passkey – kinda.

I don’t see any sense in using it; too risky, and rather unnecessary.

Continue reading →

Security Diagram and SOX Space Lazer

I recently found a Sarbanes-Oxley (SOX) Space Lazer (sic) on a network security diagram. No kidding. The following items also appeared:

• Interstate 495
• Wang 5000
• Batphone
• Peanut butter
• Printer of evil
• Gene Hackman
• Automated Retirement Party Flyer Generation Appliance

Continue reading →

Your Social Media Data is Business Data

An Information Week article, From CRM to Social, noted that companies consider data mined from social media as business data. Basically, companies are supplementing their customer relationship management (CRM) database with the personal data from social networks. Consider these points:

If you don’ read anything else, see the quote in red below from the Guess CIO.

Continue reading →

How to Pass Certification Exams

Getting ready to take the CISA, CISM, CISSP, CIA, PMP, MCSE, or other certification exams? Here’s what you need to do to pass those tests:

Continue reading →

New Nmap/SecTools.org Survey

[ W A R N I N G :  The following links are often categorized by web filters as Hacking links, but only because the tools on this website are used by crackers as well as auditors and security analysts. This is a safe website, but the “watchers” at your workplace or school may not agree – BEWARE.]

UPDATE: The results of the new survey have been released...

SecTools.org is running their every-few-years survey that will “guide Nmap development and also enable a brand new and much-improved overhaul of SecTools.Org.”

Continue reading →

Top 10 Pay-Boosting Tech Certifications

According to Dice, the job search site, certain certifications increase technology professionals’ salaries at all experience levels.

After surveying nearly 17,000 techies, Dice found that the following certifications draw the most additional dollars (no particular order):

Continue reading →

Top 10 IT Jobs

According to CIO magazine, here’s the hot IT jobs (followed by comments by me in italics):

NOTE: IT Auditors, don’t pass over this article!

1. Security specialist/ethical hacker

One specialty, computer forensics, is hot. Forensic labs are almost always behind in their work. Is it due to a lack of good technicians or that forensic folks aren’t cheap? Either answer is good news.

Continue reading →

What Needs to be on a GOOJ Card?

If you probe networks, systems, and applications, you need a GOOJ card to protect yourself and your job.

In How to Stay Out of Jail, I recommended that anyone who scans, probes, or pokes networks, systems, or devices should always carry a get-out-of-jail (GOOJ) card. I also provided some reasons why such a card is critical.

Continue reading →