Showing posts with label cissp. Show all posts

Friday, July 02, 2010

Cyber Security: Back to Basics

Ask yourself one simple question, "What am I protecting?" Some basic axioms to live our information security lives by -
  • Trust no network
  • Trust no device
  • Find your data and defend it to the death
  • Look over your shoulder
Simple but powerful advice and a way to re-focus your cyber security efforts. This is all courtesy of Branden R. Williams via an article in the July 2010 issue of the ISSA Journal.


Rob Hiltbrand, CISSP

Tuesday, August 11, 2009

Different stuff.....

Lots going on these days. But first I must comment on last Sunday's Dynamo game - I haven't seen scoring like that since Prom Night! Geez, the Houston defense had more holes in it than OJ Simpson's alibi. But they won and that is what counts.

I'm working on a colocation project for my current employer. I'm big on planning and prep work - that is the only way I see things getting done in a reasonable amount of time. I also favor an incremental approach - don't do everything at once, instead take several smaller steps and build toward milestones and the main goal. That way you can backtrack in case mistakes were made or you need to come up with a different approach (because management has changed its mind). I've got the servers built out, I've got the software in place for replication across the WAN, and I still must configure the firewall for the new data center. But I'm having to wait on the co-lo vendor. Always with the waiting!

I thought that after I earned the CISSP certification, folks would be pounding down my door begging to offer me IT Security related jobs - fat chance of that in this economy. I felt the same way back in 2006 when I earned the Master's degree but still had trouble finding a job. What is it going to take for someone to offer me a high paying, IT Security related job?


Rob Hiltbrand, MS, CISSP

Monday, June 29, 2009

Thoughts from the CISSP exam....

I took the CISSP exam last Saturday but don't know if I passed. Now I can say that there was only one out of the total of 250 questions that I didn't have a clue as to what the answer was. Typically I could identify what the possible right answer was and then reason it out. The key was to answer the questions the way that the ISC2 folks would want them answered.

The one thing that really stood out for me was that this was not a technical exam - it was a managerial exam. At least, that is my perspective. Instead of being down in the trenches, the questions come at you from a higher perspective - you must be able to see the forest for the trees. A person must think in terms of how to implement & manage an asymmetric cryptography infrastructure within an organization, not just what algorithm does symmetric cryptography use. Think in terms of what would the most effective Access Control system be for an organization - do you want something that is role based or discretionary? And whatever solution is picked, it must be cost effective.

After taking the test, I have a new appreciation for those folks in the IT Security / Information Assurance management ranks that have to make hard decisions every day.

Friday, June 19, 2009

CISSP Exam....

I'm tired of studying for the CISSP exam! I don't want to look at the material anymore. But I'm scheduled to take the exam next week so I'll just have to put up with it. I can't afford to flunk the CISSP exam!

I'm so friggin' happy that the Houston Dynamo and City of Houston municipal government are making progress on the new soccer stadium - it is about friggin' time!