(ISC)² Community

Hi All   This is a perspective based on the current conflict with the Ukraine and Russia and the implications across the world.   https://securitybrief.co.nz/story/five-cyber-threat-trends-and-what-they-mean-to-your-business   What does it mean for your business?   Are you prepared?   Does your management understand the threats and the potential impacts?   Regards   Caute_Cautim

All   Is there such an acceptable for taking responsibility for lawful offense, given the current cybersecurity landscape and potential issues which have been going on for years, silently in the background?   Do we need to have a set of ethics as to what is acceptable vs non acceptance?   What are your thoughts?   https://www.lawfareblog.com/responsible-cyber-offense   Regards   Caute_Cautim   Caute_Cautim

All,   I need to get 80 more CPE's by August 2022 to renew my CISSP. I normally go to numerous security conferences per year however did not do many in 2019 due to family issues. Then 2020-2021 was COVID and all of my family was out of work so my focus was surviving/extra shifts at work over thinking about CPEs. The other problem is my current job is not that open about me taking off for security conferences, basically I have to use my personal PTO but used most of the PTO due to when I had COVID earlier in the year. I have signed up for Defcon and plan to maximize this weekend.   What are some other good FREE ways to get CPEs? I know SANS has their webcast (https://www.sans.org/webcasts/) that generate certificate of completion after fully watching each video. However, I would also like to use other sources outside of SANS. I know there is a ISC2 newsletter that reports CPE opportunities but I noticed many require paying for the events. Does ISC2 have an free on demand/archive for previous free webcasts that would generate CPEs after completion?   Also, I know there is the 2 CPEs for the InfoSecurity Professional magazine, can I go back to the previous months to get CPEs or does it have to be only for current and future editions?   Appreciate any help as I really want to spend much of this Fall and Winter catching up on CPEs. I am getting tons of anxiety over this as do not want my CISSP to lapse.   Thank You.

Hi all   I am trying to establish an internal offensive (red team) cyber security team. I have been asked to present to my executive and I was wondering if anyone had any really good power point presentations or other material that I could use to present to my executive on the benefits of having an internal offensive security capability (that compliments an existing external pen test service).   I am really just looking for a cool power point slide to really 'WOW' my executive. I don't mind writing the justification / content - but any material in that regard would also be useful.   Thanks for your help   Cheers Luke

I recently received in in-system private mail asking several questions about preparing for the CISSP exam. The questions themselves are likely to come to mind to many others, and there is no personal information in them. Thus, I am providing those questions and my answers here, to help others who may be concerned about the costs and steps to become certified.   =-=-== 1 - one of the pre-requisites that I read on ISC2 website is about proven past experience. So, when do I submit this proof? - before registering for exam or after? DCS: You do not need to verify your cybersecurity experience until after you have passed the exam. Once (ISC)2 notifies you that you have passed (not the provisional passing score at the testing center), you must either have an existing g(ISC)2 member (fully certified) endorse you for certification, having reviewed and verified your experience history as you provide to his satisfaction, OR you must send your experience history statement ot the (ISC)2 office adn ask them to endorse you. DO the latter only if you do not have a member who knows you personally and can endorse you.   2 - As a proof - My manager is willing to give me letter with details - would that be suffice with my employment and salary letters? DCS: you do not need to provide any salary information. However, a statement from your manager describing your information security experience, number of years performing the tasks, and organized according to the eight domains, can be used to either a local endorser or to the (ISC)2 staff.     3 - Can I appear for exam without the proof letter? or it is mandatory. DCS: You can take the exam with absolutely on infosec experience. You should not do so; but you can. If you do pass the test with no experience, you have wasted your time and money, because you have only two years to get endorsed with 4 or 5 years of domain-specific infosec experience. Therefore, you should not take the exam until you have at least three years of experience.     4 - Finally, the cost of course - it’s about 7500 USD! - Do I really need that? or I can prepare on my own with official books and prepare for exam. DCS: You are not required to take any preparation course. The only mandatory fee is for he exam itself. There are several ways to prepare, including online course, cooperative study groups. self-study, and the high cost intensive week-long classes. The 7500USD cost you refer is clearly for one of the official (ISC)2 or independent boot camp classes. You need not take that unless you really want to. Personally, I discourage such a class, unless you need it to focus your attention in one week. The reason for my recommendation is that such cram courses do not result in long term memory. Either multi-week cooperative study groups or even self study accordion to your own study plan will result in much better understanding and knowledge retention.   5 - if I avoid the course fee - I still need to arrange for 745 USD - for the CISSP exam. Is that correct understanding? DCS: Yes, you will have to pay the fee for the exam, itself, and take the exam at a testing center. =-=-=-=   Good luck, all!   Craig

Are the recent ransomware headlines combined with the focus the U.S. administration has been putting on cybersecurity, especially this latest advisory, making it easier to have conversations with leadership or making leadership more responsive?   https://thehill.com/policy/cybersecurity/556625-white-house-sends-out-recommendations-to-private-sector-on-protections?rl=1   https://www.reuters.com/article/us-cyber-usa-ransomware-exclusive/exclusive-u-s-to-give-ransomware-hacks-similar-priority-as-terrorism-official-says-idUSKCN2DF26G   Just curious. What are your thoughts?

The (ISC)² Community has been updated during the last few months. Take a look at this quick (2 minute) video to learn more about new features and where to find discussions in the Community. You can find it on the Community homepage or click here to view.        https://www.youtube.com/watch?v=QsWi_uVSgOs&feature=youtu.be