Big News: ISC2 Online Testing
ISC2 is finally going to experiment with offering online testing. It’s the last major INFOSEC certification body to do so, and it’s taken a long time to get to this point. I applaud this evolution, and am pleased that underserved communities will finally be able to leap the barrier to entry that physical testing required. (I’m also glad that online testing will reduce pollution necessitated by travel.)
Well done, ISC2!
https://www.isc2.org/News-and-Events/Press-Room/Posts/2021/01/11/ISC2-To-Offer-Online-Exam-Proctoring-for-CISSP-and-Other-Cybersecurity-Certifications
45 - 2021: At Least it's Not Mad Max
As promised, the link to the new book: CCSK Practice Tests by Ben Malisow
New Year, New Book!
New year, new book!
If you're studying for the CCSK, I just published over 300 practice questions covering all topic areas of that exam. It might also be a useful resource for CCSP studies, as many of the questions will be applicable for that test.
Many thanks to Mohamed Malki for technical review and editing, the inimitable Rachel Ribando-Gros for being the best go-to graphics pro (with the most patience!), and Robin Cabe for layout and formatting. Y'all are wonderful, and I can't thank you enough.
Enjoy!
https://www.amazon.com/dp/B08RR9KTZZ?ref_=pe_3052080_397514860
43. The Imitation Game with Prashant Mohan
Our first ever return guest, Prashant Mohan, joins us in celebrating nerd hero Alan Turing in our movie review of The Imitation Game (Morten Tyldum, 2014).
42. Safing: Fighting Surveillance with Raphael Fiedler
Join us in exploring a new way to control your personal privacy online in a conversation with the CEO of Safing, Raphael Fiedler. You know it’s going to be a great episode when their website header is “Fight surveillance because you love Freedom.”
Raphael’s company, Safing: https://safing.io/
Raphael’s podcast: https://safing.io/podcast/
Got an email from the CEO of ISACA recently....
THIS is how professional responsibility is done. This is how to craft an apology. This is leadership.
“Dear ISACA Community,
The integrity, high professional standards and smooth delivery of our certification exams are essential to maintaining the trust we’ve earned with ISACA’s professional communities. Last month we stumbled with the smooth delivery promise, and I am writing to our full member community to apologize. We must do better.
As some of you know, we experienced some unexpected issues when our certification exam vendor PSI performed a system upgrade. About 17% of our exam takers in November and the first few days of December were impacted. Earlier this afternoon, I reached out to those individuals to personally apologize and to offer them a complimentary exam retake if they did not receive a passing score.
We have also heard that our customer experience center response times to questions from the affected candidates have been slower than they should be. We are taking immediate steps to improve this, starting with a dedicated email address that affected candidates can use so their messages are marked as top priority. We have also added additional staff resources to the customer experience team.
During times of change and turbulence, individuals make an important choice to invest in themselves, and our certifications are “go to” education opportunities for IT professionals to advance their careers. Exam candidates invest time, money and dreams into our tests, and they deserve a trusted and smooth experience. I want you all to know that I take direct responsibility for these issues regardless of where the experience fell short. My team and I are committed to turning this experience around and helping candidates have a more successful exam day and a more positive experience with ISACA. In fact, beginning in early 2021, we are introducing 24/7 customer support so ISACA members and exam candidates no longer have to wait for help based on their time zone.
In addition, we are holding PSI accountable for their part in this issue. From the moment we began receiving information about this issue, we started regular meetings with the PSI leadership team, and they have assured us the technology issues are resolved. However, we plan to increase the communication to ensure this does not happen again.
Thank you for your trust in ISACA and our globally recognized credentials. We are committed to giving you and all of our members, customers and certification candidates the support you need and being a valued partner on your career and learning journeys.
Best regards,
David
David Samuelson
ISACA CEO”
I don’t think I’ve ever been more proud to be an ISACA member.
41. Section 230
The law, itself: https://transition.fcc.gov/Reports/tcom1996.txt
40. Test Prep Books With Prashant Mohan
Link for Memory Palace (CISSP):
https://www.studynotesandtheory.com/single-post/memory-palace-cissp-notes
Link for CIRRUS (CCSP):
https://www.infosectrain.com/blog/ebook-cirrus-8000-ft-of-ccsp-course/amp/
Radha Arora - https://in.linkedin.com/in/radha-arora-780262107
Study Notes and Theory - https://www.studynotesandtheory.com
Infosec Train - https://www.infosectrain.com
Fadi Sodah (Madunix) - https://www.linkedin.com/in/madunix
39. Prob gonna get hate for this but....
The links we promise in the episode:
California law related to gender identity in employment/trade associations:
https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB396
Canadian law regarding gender identity:
https://laws-lois.justice.gc.ca/eng/AnnualStatutes/2017_13/FullText.html
The Canadian province of Prince Edward Island takes this a bit further, as do several of the Canadian jurisdictions:
https://www.princeedwardisland.ca/sites/default/files/legislation/H-12%20-Human%20Rights%20Act.pdf
Here’s the ironic (and wildly contradictory) section (12):
“12. Discrimination in advertising prohibited
(1) No person shall publish, display or broadcast, or permit to be published, displayed or broadcasted on lands or premises, or in a newspaper or through a radio or television broadcasting station or by means of any other medium, any notice, sign, symbol, implement or other representation indicating discrimination or an intention to discriminate against any person or class of persons.
Free expression of opinion
(2) Nothing in this section shall be deemed to interfere with the free expression of opinion upon any subject in speech or in writing. 1975, c.72, s.12”
New (Anti-)Privacy Book.
I’m really proud of this one…I actually got to publish some of the ideas that have been clawing at my brain for several years. It runs counter to a lot of the industry orthodoxy, and I’m sure it will stir up some…disagreement.
Interested to hear the opinions of other practitioners. It’s available to order on Amazon now, for shipment next week. Please let me know what you think of it!
37. Referen-duh
Should the police need a search warrant to look at the data on your phone? If your car creates tracking data about your driving behavior, habits, and location, should you have access to it?
The voters in the US states of Michigan and Massachusetts certainly think so.
This week, we do a roundup of some recent changes to the legal landscape associated with INFOSEC, made by referenda.
The Michigan change to the state constitution: https://ballotpedia.org/Michigan_Proposal_2,_Search_Warrant_for_Electronic_Data_Amendment_(2020)
The Massachusetts law: https://ballotpedia.org/Massachusetts_Question_1,_%22Right_to_Repair_Law%22_Vehicle_Data_Access_Requirement_Initiative_(2020)
35. Craig Unger with Hyperproof
Our very first product review! Founder and CEO of Hyperproof Craig Unger joins us to talk about audits and how to streamline them with his company’s compliance operations platform. Not sponsored, just a fascinating chat about the ever-exciting world of audits. You can learn more about Hyperproof at their website: https://hyperproof.io/
You may notice some sound quality issues in the episode. Remember when we talked about how having a lot of security can sometimes have drawbacks? Like if you need to open your door quickly but there are five deadbolts on it? Or...if you need to stream audio but have serious endpoint security? That sort of happened here. We still think it was a great episode, and hope you agree because we would love to have Craig back soon.
34. Which INFOSEC Certification Pathway is Right For You - LIVE presentation
We had a great time doing the live show; thanks so much to everyone who joined in (we were thrilled to see more than our Three Listeners!); and more thanks to our hosts, New Horizon (and Queen Circe), for inviting us to take part in the event.
If you’re interested in seeing the slides associated with the audio track, please use this link to YouTube: https://www.youtube.com/watch?v=RU5moEg5noU&feature=youtu.be
33. Everyone Gets a Glock
To continue preparing for disaster to strike, we take a look at firearms from the perspective of personal security. Or personal INsecurity? (As in a lack of security, not ego--but maybe that too.) Everyone’s situation is different, but we do have some information that might help you make that decision a bit more safely and responsibly.
32. Prepping
This week, we prepare for the endtimes through personal continuity and disaster recovery, and nerd out on some truly great media.
31. The Bestest Security in the World
Did you know we have the bestest security system in the world? Yes we do! Join us as we review the costs and outstanding benefits of having a dog for security.
Additional resources mentioned:
War Dog: A Soldier’s Best Friend (2017) Documentary directed by Deborah Scranton, Produced by Channing Tatum. You will cry.
Togo (2019) Live action Disney movie based on true heroes. Starring Willem Dafoe. You will also cry.
Molly Burke YouTube vlog channel following the life of a “millennial girl who just so happens to be blind,” often featuring her guide dog. You can view her playlist “All About Guide Dogs” here!