CISSP isn’t as technical anymore

---

Several of my friends passed the CISSP exam recently, and told me that it isn’t as technical as I told them it would be.

They said it was more of a security manager certification.

Continue reading →

CISSP CBK Changes

Effective April 15, 2015, the CISSP Common Body of Knowledge (CBK) is changing, which affects the CISSP exam and CPEs.

Continue reading →

FREE CISSP Cert Webcasts from ISC2

ISC2, the organization that awards the CISSP certification, provides 1 FREE webcast about the 10 CISSP security domains, as well as several FREE webcasts about the CISSP concentrations.

Continue reading →

Free CISSP Review Material, Practice Exams

I just found some more FREE CISSP review material and practice exams. One exam is 100 questions, the other 250.

Continue reading →

2014 Top Paying Certs (United States)

Below is a list of the top paying certs for 2014 (including average salary amount).

The list is based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton, completed in October 2013.

After the list, I offer a few comments on some of the certs and the salaries.

Continue reading →

Advertisement

FREE Global Security Resource Guide

ISC2.org, the organization that grants the CISSP certification, has a great, online, FREE global security resource guide.

No membership, certification, or log-in required!

Update 1-11-14: See Kim White’s comment below about availability of this resource. If it is made public, I will link to the new version. The “remove this post now” comment makes me wonder if it’s coming back for public consumption*. – Mack

Continue reading →

Why CISSP?

This post answers these questions: Why get the CISSP certification? What has it done for me? What else do I need to know?

Charles, one of my readers, asked me, “Do you have postings related to CISSP?” Not many, but here’s one….

Continue reading →

CISA vs. CIA Certification

If you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?

Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.

Continue reading →

Biggest Problem in Computer Security

What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s…

Staffing.

As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good pondering.

Continue reading →

Firewalls vs. Fire Hydrants

I recently stumbled across an article discussing how to choose an outside IT auditor by Kevin Beaver that stated, “With a few exceptions, auditors aren’t highly technical”–and may not need to know the difference between firewalls and fire hydrants.

If you know me, you know non-technicality of many IT auditors really bangs my keyboard (see the CISA posts listed below). An IT auditor who doesn’t have technical knowledge about IT is like a person who washes dishes without water.

Continue reading →

Top 7 Reasons for Security Certification

Here’s my top 7 reasons for getting a security certification:

1. It opens the hiring door. Or more simply stated, employers are looking for them. More and more, if you’re not certified, your resume won’t get past Human Resources. When they scan your application and resume, you’ll end up in the digital delete bucket if the screening software doesn’t see those special letters (CISSP, GIAC, CISA, CCSP, CISM, etc.). Continue reading →

Security Certs for Commoners? Nope

SC Magazine’s CISSP! Who Cares? article says that security certifications are not as valuable as they used to be because they are rather commonplace. Too many people going for the same job have the same qualifications. However, that is not my experience, and I disagree with some of the article’s statements.

I earned my CISSP more than 5 years ago. Let’s take a look at a couple companies I’ve worked for and count the CISSPs…

Continue reading →

More on the CisA Exam

This topic will be assorted rambles and comments regarding what I now call the “CisA” exam. Check out this post that started it all:  Where is the IS in CISA?

Continue reading →

Where is the IS in CISA?

Why do so many IT auditors who pass the CISA know so little about IS and security–and in my opinion aren’t worth hiring* for that and several other reasons?

Well, I think I figured it out. So what clarified my understanding? I took the CISA exam.

Continue reading →

How to Pass Certification Exams

Getting ready to take the CISA, CISM, CISSP, CIA, PMP, MCSE, or other certification exams? Here’s what you need to do to pass those tests:

Continue reading →

Top 10 Pay-Boosting Tech Certifications

According to Dice, the job search site, certain certifications increase technology professionals’ salaries at all experience levels.

After surveying nearly 17,000 techies, Dice found that the following certifications draw the most additional dollars (no particular order):

Continue reading →

Teach Yourself Security

What does it take to get started in information security? Can you teach yourself security?

This field requires you to understand how PCs, mobile devices, applications, servers, protocols, and networks operate. It helps to have a lot of curiosity and a good sense of where trouble lurks. And don’t forget Unix/Linux (more on that later).

I started as a PC support guy, became a server administrator, managed a network, and then became a security analyst. For me, it was a natural progression, but that’s the “old school” way of doing it. Security training was scarce, and there were few to no institutions offering training specific to that area. Also, the internet was still growing, and there were few security websites or blogs to learn from.

Continue reading →

Fun CPEs for CISSPs

Don Donzal, who created www.ethicalhacker.net and ChicagoCon (link now appears defunct), lists 10 ways for CISSPs to earn CPEs (Continuing Professional Education credits) and having fun doing it. Check out his entire article here. He wrote it in 2005, but it hasn’t aged much.

NOTE: I crossed through some of the links to now-defunct sites….remember, this was written in 2009….

Continue reading →