Multi Factor Authentication (MFA)

More and more companies and private individuals have been looking for better ways to keep their data secure in recent years. No one is truly safe, with huge companies like Facebook, Ticketfly, and T-Mobile suffering from devastating data breaches in 2018. With data breaches happening so frequently, many individuals are understandably worried about exposing their data and suffering from financial loss. Key cybersecurity measures like enabling a firewall, installing antivirus software, and using encryption technology can only do so much against cybercriminals. Hackers have been using more sophisticated software to steal corporate and private data, so you should do everything …

Why hackers love patching

When a company issues a patch to fix security issues, the bad guys start salivating. They know that in many cases they now have the opportunity to take advantage of vulnerabilities that they previously did not know about. Hackers can easily reverse engineer patches. When a patch is released, a hacker will first review the published issues that the newly released patch intends to fix. Many times the hacker can read the publisher’s write-up and get a good handle on the severity of the vulnerabilities that are being patched. If the patch details lead one to believe that the …

CASP vs. CISSP – My Experience

I decided to take the CASP exam for only one reason… There is only one reason that I initially took the CASP exam instead of the CISSP. I did not make the decision logically. I did not know the real differences between the tests. I took the CASP test first because I thought it would be easier to pass. Plain and simple – I thought that I would have a better chance to pass the CASP than the CISSP. I heard that the CISSP was one of the most challenging and dreaded tests. I heard story after story about people …

The Top 20 Cities for CISSPs

We analyzed the job postings, crunched the data, and determined the actual value of the CISSP certification to list the top 20 US cities for CISSP certification holders. The monetary value of having the CISSP certification is dependent on your job market. If you obtain the CISSP certification and live in a city that has limited CISSP jobs available, then you need to make a choice – move to an area that has more opportunity or accept a salary that is not commensurate with your skills and abilities. Remote work is sometimes a possibility, but many cybersecurity positions require that …

Why you failed the CISSP exam and how to make sure you pass on the next try!

If you work in the cybersecurity field, then you know that there are only four types of people:

People who passed the CISSP exam
People who are studying for the CISSP exam
People who failed the CISSP exam
People who are too fearful of taking the exam

Having the CISSP certification is a must if you want to work in particular high-paying and highly rewarding environments. The CISSP exam is a gate. Those that have made it through that gate are often considered the elite in the cybersecurity field. Even if you passed the CISSP exam, likely, you did not …

CISSP Adaptive Exam – What to Expect

The vast majority of current CISSPs took their test in the old format. The test was a grueling 250-question test in which nearly 85% of the testers would take the entire allotted 6-hour exam time. But the exam was modernized at the end of 2017.

The CISSP exam is now a “Smart Exam.”

Beginning in December of 2017, the CISSP exam was changed to an adaptive format. The official name for this is Computerized Adaptive Exam (CAT). The CISSP is one of the first certification exams to move to this new platform. But the rest will soon follow. …

The Marriott Hack – This is What will Happen Next.

Personal information from about 500,000,000 people who made reservations at a Starwood hotel was stolen by hackers. These hotels include Sheraton, Aloft, W Hotels, and Westin Hotels. Marriott acquired the Starwood Group back in 2016, but the compromise started way back in 2014 before the acquisition took place.

Hackers had full access for four years

This means that the hackers had plenty of time to learn, gather data, and exploit that data. The hackers had access to everything in the system and used the Starwood system as their playground for four years. A data loss protection (DLP) system was in …

How to Transition to a Cyber Security Career at Any Age

Are you thinking about doing a mid-career transition to a cybersecurity position? It is a great field to join. There are currently millions of unfilled cybersecurity jobs in the US and countless more around the world. There are not enough qualified applicants to fill these jobs. Because qualified applicants are limited, the salaries for cybersecurity jobs are on the rise. It is common for cybersecurity positions to pay more than six figures to folks who have some strategic IT certifications and just a few years of experience. In your 30s, 40s, or 50s? It is never too late to get …

Passwords Suck and Will Go Away – Here’s How

Why Passwords Suck

Usernames and passwords are not secure by nature. Usernames and passwords are controls that rely on “Something you know.” Knowledge is easily transferable, and therefore, passwords are not secure. No amount of security training will eliminate or overcome human nature. It is human nature to make passwords we can easily remember. Passwords that are easy for us to remember are also easy for people to guess. Passwords are also used over and over again on multiple accounts – bank accounts, email accounts, work accounts, etc. Worse yet, passwords are often openly shared among trusted individuals like family …

PMP vs CISSP

How does the PMP exam compare to the CISSP exam? When someone asked me that question, I thought it was rather odd. How can you compare the PMP to the CISSP? These are two completely different tests on two completely different subjects. The PMP exam covers project management while the CISSP exam covers cybersecurity. But then I thought about it. The question is valid. I expect that many people may be considering both the PMP and the CISSP. Both of these certifications are considered the top certification in their respective fields. So, this question deserves some thought. The value of …

Don’t Underestimate the CompTIA Security+ Exam

The CompTIA Security+ exam isn’t that easy! I was recently at a family reunion, and I was talking to my cousin, who does IT work for the military. He was getting prepared to leave the military within a few years to transition into civilian work. I asked him if he had any IT certifications. “No, but I am thinking about trying to get some of the really easy ones like Security+.” I had taken and passed the CompTIA Security+ exam just a couple of years before this conversation. I thought to myself, “Really easy? I think not!!!” But I did …

Why Hardware Encryption is Not Secure

Hardware Encryption is not Secure

A Little History…

In the past, it was assumed that hardware encryption is far more secure than software encryption. Many people, including security experts, still believe this to be true. And in the past, it was true. But recent history has proven that hardware encryption is highly vulnerable. The widely published, recently discovered hardware encryption vulnerabilities include Spectre and Meltdown. Both Spectre and Meltdown exploit flaws in processors. Our good friend Steve Gibson has also outlined severe security vulnerabilities in hardware-encrypted solid-state drives (SSDs). Every SSD that researchers have examined has been found to …

How I passed the CISSP exam without reading any books

Reading is not my best learning style. In today’s world of podcasts and audiobooks, I believe that fewer and fewer people are accustomed to learning by reading and writing. For me, this is undoubtedly the case. I love learning through audiobooks and video training. I used these learning methods exclusively to pass some challenging IT Certification tests, including passing the CISSP test earlier this year.

No expensive boot camp needed

I am not a fan of CISSP boot camps. I believe that many of the companies that run these week-long training classes are doing a disservice to the folks taking …