Posts Tagged ‘it security’

CISSP-ISSMP – happy ….

Monday, July 11th, 2022

…. to report that I passed the exam last week. It’s been in the making a couple of months and I finally found the courage to take the plunge.

On the weekend, I sent in the endorsement and it will take a couple of weeks for (ISC)2 to process it, as usual.

Now with both those exams (ISACA CRISC and CISSP-ISSMP) finally (and successfully) behind me, I can move on to something new.

I’ve previously dabbled in some pentesting and I would very much like to give OSCP a try while casually reading about and learning for the ISACA CDPSE. Let’s see how it goes and how far I can take it….

Update from 1 week later: Already processed by (ISC)2. All good. Certified. Yay me.

PCI Professional

Sunday, April 25th, 2021

Another one I was able to bag…. not the most difficult exam I’ve ever taken but there were some tricky questions. This is valid for 3 years and allows me to call myself (surprise, surprise) “PCI Professional”. Nice addition.

It took some guts from my side to sign up for this… I felt under-prepared most of the time but John Elliott’s PCI courses on Pluralsight were an invaluable help.

And I passed on the first try. Yay me.

An awesome series continues…. CISSP exam passed

Friday, September 13th, 2019

On 20190912, I took and passed the CISSP exam after several months of preparation. Yay for me!

What about that series I mentioned? It’s becoming scary but I haven’t failed any IT exam / certification so far… MCP, LPIC, federal tests, CompTIA and now the CISSP exam. Of course I’m glad about this, but it’s getting spooky.

What was the test experience like? The checks until the actual exam starts are the most annoying part… identification, NDA, vein scan, everything twice. To some degree I can understand that, but the vein scan on top of passport checks? Hm…

One thing on the actual exam I was quite worried about is that you cannot go back to previous questions… click Next, no way to go back. So many times I did not feel particularly confident about the selected reply… but you can’t go back, so worrying about it is useless.

The other thing I was not prepared for was the questions that asked for best something / most appropriate something… practice questions were more fact-based and if anything they asked “what is the first thing to do when…” or “the last thing to do when…” – which is a different dimension from “what is the best thing to do when…” as that implies the listed possibilities could all be correct but one is ‘more’ correct and the deciding factor is not necessarily a technical factor.

Anyway, I felt quite burned out after 80 questions and was hoping that I would not have to go higher than 100 questions. Which is exactly what happened… the result is not even shown on the screen, only on the printout. I did not feel confident regarding the result so imagine my surprise.

Here’s what I used for preparation:
Linux Academy CISSP preparation course
Official CISSP Guide 3rd edition 2016
Some lectures on pluralsight.com and many practice questions on kaplan.com (linked to pluralsight)
Some lectures provided by thorteaches.com
An app called CISSP Professional with practice questions

IT security for home users – a simple guide (overview)

Tuesday, February 26th, 2019

I have been thinking about writing about this for a while… there is much information on staying secure out there and everything, I repeat, everything can already be read and practiced, even as a home user.

But maybe it bears repeating… so why not summarize some good practices here and maybe add my two cents.

Trying to stay secure as a home user usually comes down to just a couple of things:

  1. Upgrade your OS
  2. Disable what you don’t need
  3. Upgrade your applications
  4. Change default passwords
  5. Upgrade anything else

Did I mention “upgrade <your stuff here>” already? You should do that.

If you fear breaking stuff by upgrading, then don’t upgrade *right away* – in IT, we say “avoid x.0 releases”. This applies to both OS and applications.
Wait for an x.1 or, better, an x.2 release and install that one. Many vendors work hard to release good products but just as many release under time pressure and cut corners to make it in time, to save costs etc. It happens.

Keep coming back to read the details.