Part 2 of "How To Pass Your INFOSEC Exam"

My second Udemy course, Part 2 of “How To Pass Your INFOSEC Exam” is now live! Right now, it contains Section 4 of the series, and eventually I’ll be adding Sections 5 and 6 (hopefully, in the next couple of weeks). Then, within two months, I’ll be adding the final course in the series, Part 3, which will include Sections 7, 8, and 9. If you need some extra study materials, please come check out these courses!

https://www.udemy.com/course/how-to-pass-your-infosec-exam-part-2/?referralCode=D74F45D8F7DCA055E994

Udemy Course - How To Pass Your INFOSEC Exam

It’s my pleasure to announce my first Udemy course, available to the public, based on my book, “How To Pass Your INFOSEC Exam: A guide to passing the SSCP, CISSP, CCSP, CISA, CISM, Security+, and CCSK.” This course includes two sections: Security Basics, and Cryptography, totalling three hours of content. I intend to publish additional courses, with sections covering all the material in the book, in the future.

I’m very interested to hear feedback and suggestions; I hope you like it, and find the material beneficial for earning your certification!

 

https://www.udemy.com/course/how-to-pass-your-infosec-exam/?referralCode=CEB07D31DF60C7FB5113

Live Webcast Open To Everyone!

This is extremely exciting: Robin and I will be hosting a free webinar for New Horizons during their Awareness Month seminar. We'll be doing a live episode of the "The Sensuous Sounds Of INFOSEC" that you can participate in! So, if you ever wanted to be on the show, now's your chance.

Did I mention it's free?

We're going to discuss different INFOSEC certifications, and which pathways might be best for different practitioners. Come check it out, ask questions, and hassle us.

Also, you don't have to pay for it.

We look forward to seeing you there!

https://register.gotowebinar.com/register/3599988395504979725

There are also some other sessions being offered by excellent presenters:

https://bangor.newhorizons.com/resources/free-webinars

The Sensuous Sounds Of INFOSEC - Episode 13 - Ryan Skelton

This week we talk with INFOSEC professional Ryan Skelton about information security training and awareness programs, tools used in live environments, and how Robin sounds like an NPR interviewer.

The tool mentioned by Ryan during the episode: https://www.knowbe4.com/

The Saturday Night Live sketch Ryan references (and yes, Robin does sound like that!): https://www.youtube.com/watch?v=RoysmfRxPLc

CISSP Feedback

Got a detailed message from a former student I’d like to share…good insight for those studying the CISSP:

“I took your class last year (7/16-7/20), sat for the exam in late September, but did not passL. In that instance I know I incorrectly answered a drag and drop on controls and was surprised by the number of Cloud questions. That said, I spent the rest of the year and this spring internalizing all the material using the following resources:

 

·         CISSP All-in-One Exam Guide, 7th Edition

·         Official (ISC)2 Guide to the CISSP CBK ((ISC)2 Press)

·         (ISC)2 CISSP Information Systems Security Professional Official Study Guide

·         CISSP Official (ISC)2 Practice Tests

·         How To Pass Your INFOSEC Certification Test: A Guide To Passing The CISSP, CISA, CISM, Network+, Security+, and CCSP

·         CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide

 

I read the (ISC)2 CISSP Information Systems Security Professional Official Study Guide, Reviewed and read CISSP All-in-One Exam Guide, 7th Edition, and took all the end of chapter tests as well as the CISSP Official (ISC)2 Practice Tests and also read your book, How To Pass Your INFOSEC Certification Test: A Guide To Passing The CISSP, CISA, CISM, Network+, Security+, and CCSP. In addition to all of that, I spent some time studying the Cloud Security basics contained in - CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide and test questions.

 

I then sat and passed the exam on 4/30/2019. I was fed a completely different exam questions and again had quite a few Cloud based questions which I felt prepared for after studying the CCSP material. It’s been a long road, the test always looks deceptively easy, and I am pleased to have provisionally passed. I must say the practice exam application that came with the SHON Harris book most closely represented the actual exam experience. “

Hope that helps— seems like useful stuff!

Stegotrojansaurus

IF YOU ARE STUDYING FOR A CERTIFICATION EXAM, STOP READING-- THIS IS PURELY ACADEMIC AND WILL ONLY CONFUSE YOU

 

 

When I explain steganography to my students, I usually say, “It’s a message in one medium put inside another medium-- more like encoding than cryptography.” I stress that steganography is NOT crypto, even though the topics always seem to be taught coincidentally. I often use the example of Jeremiah Denton, who, as a prisoner of war, blinked the word “torture” in Morse code while being forced to make propaganda films against his country (https://www.youtube.com/watch?v=rufnWLVQcKg). I talk about putting a text message inside the code for a .jpg, and so forth.

 

As almost always happens, a student in a recent class taught me something I did not know before. But this case was exceptional, because it was something that had simply never occurred to me at all, and I don’t think I’ve ever heard anyone else suggest it:

 

Trojan horse applications are a form of steganography.

 

It’s kind of perfect. The malware, which is a message of one medium (the executable), is hidden inside a message of another medium, such as a photo or movie or text document or whatever (sometimes-- there are examples of Trojans where both the malware and its carrier are executables, or there is just one executable with two aspects: one desirable to the victim, and one not).

 

This is purely a philosophical point: it doesn’t mean anything earth-shattering in the world of INFOSEC. But I love it when a student has a completely new take on some fairly old ideas. Blew me away. Good job, Ann-Kathrin.

'Membering Mnemonics

I often learn quite a bit from the students I’m supposed to be teaching (mainly because they’re invariably smarter than I am). I also love mnemonics— those mental tricks and reminders that help you recall concepts and bits of information.

This past week, one of my classes was going over the OSI and TCP/IP networking models; I had a great mnemonic for OSI (Please Do Not Teach Security People Anything)…but I confessed that I have no way of remembering the TCP/IP Model.

One of the participants said she had something, but was reluctant to share. We coaxed it out of her. I share it, slightly modified, with you now:

“Not In The….Arctic.”

I will never again forget the names of the four layers of the TCP/IP networking model. Though I may try.

Thanks, Lauri— you’re a good teacher.