Magazine Contribution
I was very proud to have been interviewed for the cover story in the latest issue of the Information Security Professional magazine. Many thanks to writer Astrid Harders and editor Anne Saita!
The Cloud Security Alliance (CSA) just published Version 4 of the Cloud Controls Matrix (CCM). If you are involved with securing a cloud environment, I cannot recommend this tool highly enough; it works for any type of organization, in any kind of cloud deployment. Best of all, it’s my favorite price: free.
Go download it here: https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4
Vinge’s original paper on the subject: https://edoras.sdsu.edu/~vinge/misc/singularity.html
Just published the official Second Edition of my book, "How To Pass Your INFOSEC Exam: A Guide To Passing The SSCP, CISSP, CCSP, CISA, CISM, Security+, and CCSK" with revisions, updates, and corrections to the original.
The ebook is available here: https://www.amazon.com/.../ref=dbs_a_def_rwt_bibl_vppi_i3
The paperback is available here: https://www.amazon.com/dp/B08T7HNPK7?ref_=pe_3052080_397514860
Many, many thanks to Robin Cabe, who formatted it, and Rachel Ribando-Gros (https://ribandogros.webnode.com/) for the kickass new cover. You two are the BEST!
ISC2 is finally going to experiment with offering online testing. It’s the last major INFOSEC certification body to do so, and it’s taken a long time to get to this point. I applaud this evolution, and am pleased that underserved communities will finally be able to leap the barrier to entry that physical testing required. (I’m also glad that online testing will reduce pollution necessitated by travel.)
Well done, ISC2!
https://www.isc2.org/News-and-Events/Press-Room/Posts/2021/01/11/ISC2-To-Offer-Online-Exam-Proctoring-for-CISSP-and-Other-Cybersecurity-Certifications
As promised, the link to the new book: CCSK Practice Tests by Ben Malisow
New year, new book!
If you're studying for the CCSK, I just published over 300 practice questions covering all topic areas of that exam. It might also be a useful resource for CCSP studies, as many of the questions will be applicable for that test.
Many thanks to Mohamed Malki for technical review and editing, the inimitable Rachel Ribando-Gros, for being the best go-to graphics pro (with the most patience!), and Robin Cabe for layout and formatting. Y'all are wonderful, and I can't thank you enough.
Enjoy!
https://www.amazon.com/dp/B08RR9KTZZ?ref_=pe_3052080_397514860
Our first ever return guest, Prashant Mohan, joins us in celebrating nerd hero Alan Turing in our movie review of The Imitation Game (Morten Tyldum, 2014).
Join us in exploring a new way to control your personal privacy online in a conversation with the CEO of Safing, Raphael Fiedler. You know it’s going to be a great episode when their website header is “Fight surveillance because you love Freedom.”
Raphael’s company, Safing: https://safing.io/
Raphael’s podcast: https://safing.io/podcast/
THIS is how professional responsibility is done. This is how to craft an apology. This is leadership.
“Dear ISACA Community,
The integrity, high professional standards and smooth delivery of our certification exams are essential to maintaining the trust we’ve earned with ISACA’s professional communities. Last month we stumbled with the smooth delivery promise, and I am writing to our full member community to apologize. We must do better.
As some of you know, we experienced some unexpected issues when our certification exam vendor PSI performed a system upgrade. About 17% of our exam takers in November and the first few days of December were impacted. Earlier this afternoon, I reached out to those individuals to personally apologize and to offer them a complimentary exam retake if they did not receive a passing score.
We have also heard that our customer experience center response times to questions from the affected candidates have been slower than they should be. We are taking immediate steps to improve this, starting with a dedicated email address that affected candidates can use so their messages are marked as top priority. We have also added additional staff resources to the customer experience team.
During times of change and turbulence, individuals make an important choice to invest in themselves, and our certifications are “go to” education opportunities for IT professionals to advance their careers. Exam candidates invest time, money and dreams into our tests, and they deserve a trusted and smooth experience. I want you all to know that I take direct responsibility for these issues regardless of where the experience fell short. My team and I are committed to turning this experience around and helping candidates have a more successful exam day and a more positive experience with ISACA. In fact, beginning in early 2021, we are introducing 24/7 customer support so ISACA members and exam candidates no longer have to wait for help based on their time zone.
In addition, we are holding PSI accountable for their part in this issue. From the moment we began receiving information about this issue, we started regular meetings with the PSI leadership team, and they have assured us the technology issues are resolved. However, we plan to increase the communication to ensure this does not happen again.
Thank you for your trust in ISACA and our globally recognized credentials. We are committed to giving you and all of our members, customers and certification candidates the support you need and being a valued partner on your career and learning journeys.
Best regards,
David
David Samuelson
ISACA CEO”
I don’t think I’ve ever been more proud to be an ISACA member.
The law, itself: https://transition.fcc.gov/Reports/tcom1996.txt
Link for Memory Palace (CISSP):
https://www.studynotesandtheory.com/single-post/memory-palace-cissp-notes
Link for CIRRUS (CCSP):
https://www.infosectrain.com/blog/ebook-cirrus-8000-ft-of-ccsp-course/amp/
Radha Arora - https://in.linkedin.com/in/radha-arora-780262107
Study Notes and Theory - https://www.studynotesandtheory.com
Infosec Train - https://www.infosectrain.com
Fadi Sodah (Madunix) - https://www.linkedin.com/in/madunix
The links we promise in the episode:
California law related to gender identity in employment/trade associations:
https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB396
Canadian law regarding gender identity:
https://laws-lois.justice.gc.ca/eng/AnnualStatutes/2017_13/FullText.html
The Canadian province of Prince Edward Island takes this a bit further, as do several of the Canadian jurisdictions:
https://www.princeedwardisland.ca/sites/default/files/legislation/H-12%20-Human%20Rights%20Act.pdf
Here’s the ironic (and wildly contradictory) section (12):
“12. Discrimination in advertising prohibited
(1) No person shall publish, display or broadcast, or permit to be published, displayed or broadcasted on lands or premises, or in a newspaper or through a radio or television broadcasting station or by means of any other medium, any notice, sign, symbol, implement or other representation indicating discrimination or an intention to discriminate against any person or class of persons.
Free expression of opinion
(2) Nothing in this section shall be deemed to interfere with the free expression of opinion upon any subject in speech or in writing. 1975,c.72,s.12”
I’m really proud of this one…I actually got to publish some of the ideas that have been clawing at my brain for several years. It runs counter to a lot of the industry orthodoxy, and I’m sure it will stir up some…disagreement.
Interested to hear the opinions of other practitioners. It’s available to order on Amazon now, for shipment next week. Please let me know what you think of it!
Should the police need a search warrant to look at the data on your phone? If your car creates tracking data about your driving behavior, habits, and location, should you have access to it?
The voters in the US states of Michigan and Massachusetts certainly think so.
This week, we do a roundup of some recent changes to the legal landscape associated with INFOSEC, made by referenda.
The Michigan change to the state constitution: https://ballotpedia.org/Michigan_Proposal_2,_Search_Warrant_for_Electronic_Data_Amendment_(2020)
The Massachusetts law: https://ballotpedia.org/Massachusetts_Question_1,_%22Right_to_Repair_Law%22_Vehicle_Data_Access_Requirement_Initiative_(2020)
Our very first product review! Founder and CEO of Hyperproof Craig Unger joins us to talk about audits and how to streamline them with his company’s compliance operations platform. Not sponsored, just a fascinating chat about the ever-exciting world of audits. You can learn more about Hyperproof at their website: https://hyperproof.io/
You may notice some sound quality issues in the episode. Remember when we talked about how having a lot of security can sometimes have drawbacks? Like if you need to open your door quickly but there are five deadbolts on it? Or...if you need to stream audio but have serious endpoint security? That sort of happened here. We still think it was a great episode, and hope you agree because we would love to have Craig back soon.