topic Re: CISSPforum replacement in Welcome

CISSPforum replacement

rslade — Mon, 09 Oct 2023 08:47:53 GMT

The long running CISSPforum mailing list on Yahoo Groups is being closed by ISC2, effective June 15, 2018. An alternate mailing list, run by volunteer CISSPs, has been created on groups.io. In order to join, you must both:
1) Send a message to cisspforum+subscribe@groups.io from the email address you would like to use on the mailing list or apply at https://groups.io/g/cisspforum

AND (you must do both: this isn't an option)

2) Send a message to cisspforum+owner@groups.io from the same email address you would like to use on the mailing list and include, in the body, your last name (as known to ISC2) (your first name is optional) and your certification number.

The moderators use the site

https://www.isc2.org/MemberVerification to verify your certification. Due to various cultural naming factors, you may wish to verify yourself, and what name(s) you are known by to ISC2, and then send the URL in the form (for example)

https://webportal.isc2.org/custom/CertificationVerificationResults.aspx?FN=&LN=slade&CN=23670 in order to ensure that it is correct and verified. (Please do not send in Rob Slade's verification and expect to be verified yourself.) (Yeah, really.) [Of course, that link no longer works due to the fact that a) it is based on the old verification site, and b) Rob Slade's certificate has been suspended.]

(I notice that a discussion of this issue has been started on the "community" under the title "Why cancel the active cisspforum Yahoo Group that has existed for years?" ...)

(And for those saying this is GDPR's fault, let me note that, since you can access all of these "community" postings from Google, it is far less secure and confidential than was the Yahoo forum ...)

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 18:59:03 GMT

Robert,

It's not locked for replies. You have to join the group.

Sincerely,

Eric B.

Re: CISSPforum replacement

Walter-Williams — Thu, 31 May 2018 19:03:48 GMT

The oldest email I have from the CISSP forum is in 2005. Since then, I've seen 15,645 distinct emails, on a variety of topics. Many of the debates, on risk, on metrics, on standards, ethics, etc. have been essential to my growth.

The peers I've met here have been essential to my career and professional development. That I can now call folks like Dain, Anton, Gary, Rob, Donn, Martin, Sami etc. (I can't remember everyone) peers is in no small part to this forum.

Like many, I don't have time to go to a web portal. I barely have time to read/respond email. If the new ISC communities could send me email, I might be tempted to join, so that I could mentor folks like I was mentored. They are not designed that way.

Closing this community, and offering as an alternative a location that doesn't scale to meet my limited time is not a way to serve the ISC2 community. None of the existing communities have the kinds of experience we have here because no one with that kind of experience has time for that.

We have time for email, barely.

You can claim that the ISC2 Communities are "successful". However, they've only attracted those new to the field, and the questions are not being answered by the mature, experienced experts, because none of us can find the time to goto a web portal.

For years, I've tried to defend the ISC2. Now you're making it so that I question the value I get from the organization.

The decision that was made does not serve us, the members, in any meaningful way.

Re: CISSPforum replacement

rslade — Thu, 31 May 2018 19:08:40 GMT

@Baechle wrote:
It's not locked for replies. You have to join the group.

Ah, thank you. I sincerely apologize for having made false statements about ISC2's management of this "community."

How interesting. You can read the group without having to be a member, but you have to join the group (and, first, find out that it is a group, and then find out how to join the group) before you can post. Since keagle announced it as "only accessible to those
who hold a current CISSP certification," this is obviously some new meaning to "accessible" of which I was previously unaware ...

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 19:19:28 GMT

Robert,

@rslade wrote:

How interesting. You can read the group without having to be a member, but you have to join the group (and, first, find out that it is a group, and then find out how to join the group) before you can post. Since keagle announced it as "only accessible to those
who hold a current CISSP certification," this is obviously some new meaning to "accessible" of which I was previously unaware ...

I have an idea. How about we contact Ms. O'Connor directly with your observations and concerns about the forum being still "accessible" meaning "readable" by the public, and request that it be fixed?

It appears as though (ISC)^2 is making sincere effort to build out the forum based significantly on a handful of very vocal peoples' concerns. You deserve some direct credit for catching a potential flaw and contributing so much to the way the community is turning out!

Sincerely,

Eric B.

Re: CISSPforum replacement

rslade — Thu, 31 May 2018 19:34:26 GMT

@Baechle wrote:
I have an idea. How about we contact Ms. O'Connor directly with your observations and concerns about the forum being still "accessible" meaning "readable" by the public, and request that it be fixed?

Interesting idea from the guy who keeps asking why we want to have a private, professional area ...

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 19:50:30 GMT

@rslade wrote:
@Baechle wrote:
I have an idea. How about we contact Ms. O'Connor directly with your observations and concerns about the forum being still "accessible" meaning "readable" by the public, and request that it be fixed?
Interesting idea from the guy who keeps asking why we want to have a private, professional area ...

Why thank you! 🙂 I aim to please.

I don't remember if you have successfully articulated why you believe a private (unreadable except for members) forum is necessary though. Although @Dain did a pretty good job. You may want to have that squared away when you contact (ISC)^2.

Sincerely,

Eric B.

Re: CISSPforum replacement

Dain — Thu, 31 May 2018 19:52:10 GMT

as they have now taken to censoring topics that they don't care for, the benefits to a non borg-clown environment might be even more obvious

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 19:56:11 GMT

Dain,

Censorship is exactly what you and Rob have been arguing for, as long as it's Censorship in your favor. The unavailability of that post to replies to non-members of the CISSP-only group is one step in the direction you wanted.

The post isn't locked for replies (last I check about 2 minutes ago), it simply requires you to join the group (if you have the CISSP credential) in order to reply.

Sincerely,

Eric B.

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 20:04:04 GMT

Walter,

@Walter-Williams wrote:

Like many, I don't have time to go to a web portal. I barely have time to read/respond email. If the new ISC communities could send me email, I might be tempted to join, so that I could mentor folks like I was mentored. They are not designed that way.

I get email digests, and emails with individual replies to discussions I've either joined or subscribed. I believe it's under settings to opt-in (GDPR?) to emails, and Subscriptions to manage what emails you get (Notification Settings, Email format, etc.)

I get that it's a new format and things are hard to find and get used to. I hate every time Microsoft releases a new version of Office, it seems the only thing they do is hide the features I use the most. But things change. Adapt and overcome... or join the Dinosaurs.

Re: CISSPforum replacement

Dain — Thu, 31 May 2018 20:04:25 GMT

How do you figure I am arguing for censorship?

If I have given that impression, it was thoroughly unintended. And I updated the post to make clear that I was the idiot... (tho I wonder if anyone can see those posts, and only CISSPs can reply/post)

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 20:12:19 GMT

@Dain wrote:
How do you figure I am arguing for censorship?

If I have given that impression, it was thoroughly unintended.

Maybe I'm overreaching my definition of censorship... The act of screening out objectionable, sensitive, or harmful material... Isn't that what the CISSP-only forum seeks to do?... ensure that this information (that we CISSPs unilaterally decide is objectionable, sensitive or harmful) isn't accessible to the public?

Re: CISSPforum replacement

Dain — Thu, 31 May 2018 20:16:07 GMT

Seriously, if you don't understand the difference between Privacy & Censorship theres really nothing to discuss.

Want my old CISSP for Dummies?

(I kid you not, was possibly the best certification study guide, ever)

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 20:27:35 GMT

Dain,

That's disappointing. I was hoping to get your opinion.

In my understanding Privacy and Censorship is divided by a fine line about who is preventing knowledge transfer. Either the owner of the information (privacy), or a third party (censorship). I was drawing ironic and satirical line that (ISC)^2 started incrementally implementing your requests, and several folks were calling it censorship.

Re: CISSPforum replacement

Dain — Thu, 31 May 2018 21:13:34 GMT

a couple of us being dumb (and expecting a private group to be, well private, which has yet to be born out in depth) is not censorship.

I was wrong, as was Rob.

Having a private group is specifically to the point of avoiding censorship - personal due to anti-establishment views, and the ability to post what ever anyone wants to post. Seriously, I'll take the knocks on not realizing I needed to join the cissp group, but how can you possibly make the stretch to equate privacy with censorship?

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 21:44:24 GMT

Dain,

Man, I'm not trying to rub missing the "Join" feature in your face. I honestly went in and tried to reply and thought to myself, "WTF?" when the button didn't work. I was just trying to share information that I found, because I saw other people had the initial same reaction.

On the censorship thing. Lately we've been going back and forth at each other kind of hard on the forum. That's not good or bad necessarily. But it seems like there's a lot of venting and not a lot of actually trying to solve problems. I don't have all the answers - in fact, part of the reason I was encouraging you and Rob to come up with full articulate justifications on asking for the forum to be privatized was that I was failing to come up with something articulate and fully justifiable that - if it were submitted to me, I would sign off on.

I'm just trying to rib you a little for being so frustrated. Not everything is a conspiracy against the "Old Guard". But sometimes we do have to move on. Hell, I reminisce about running Citadel, Wildcat, and Telegard... when I could actually make a system do exactly what I wanted, and forums were just straight txt on a monochrome monitor. Now THAT was useable - it was so simple. I was the last person in my office to get a cell phone, and my Grandparents were on the Internet before I was because I was sticking to my old dial up BBS. But, here I am. And this is what I have to work with. I'll give it a shot and try to make it work out.

Maybe it'll work out. Maybe it won't. Maybe I'll be so frustrated with the way it turns out (ala my experience with the Yahoo forum) that I'll bail on it eventually and go back to my Jeep forums. 🙂 But I'm here now. And, so are you. And at least for now, (ISC)^2 is apparently trying to make this what we ask it to be.

Sincerely,

Eric B.

Re: CISSPforum replacement

rslade — Thu, 31 May 2018 21:48:51 GMT

Oh, joy! I have learned how to edit/modify my own postings!

This was made necessary by the fact that I was not completely explicit in my posting about how to get on to the new CISSPforum. (Although to my mind the need to specify here is sort of akin to having to tell people not to roast marshmallows over volcanoes ...)

You have to tell the mailing list (cisspforum+subscribe@groups.io) you want on, and you have to tell the moderators (cisspforum+owner@groups.io) who you are. (In enough detail that they can check.)

Please go back and re-read the directions.

Re: CISSPforum replacement

Dain — Thu, 31 May 2018 21:58:20 GMT

no worries, wasn't taking any issue with any comments on the join thing... I question the reality of someone who seems to not be in infosec managing security of a security professionals web board, but no harm/no foul.

What your missing is the back story of how ISC has treated the forum that they took over from someone else, or should I say how they've ignored it.

Its fine to say hey look at this - its something that builds on / solves problems with the old school, but when this gets dumped on us, and then they say . oh, and we're closing the thing you like in 15 days. Well I have issues with that, I shouldn't be having a discussion about how to fix this, there were no problems with the old one (at the very least as shown by the 35-40 responses to ISC2s announcement that they are closing the old group) . ISC2 wants to be more relevant? A thinly veiled attempt at facebook like is not the way to get there

And really what problems does this environment solve? Seriously? If all the people move over I expect the same sort of things will happen (kudos/badges/or otherwise)

All this does is show isc2 cares nothing about anyone who has already paid for the overpriced test, all they care about now is generating BS metrics, marketing, and pretending to be making a difference in the infosec community.

The problem is ISC2, and how they are going about "revitalizing" the certs, they are turning into the next MCSE.

Someone else said on one of the earlier kudos posts that it was for the millennials, and thats some seriously bigoted crap. I am a parent of 1 millennial, and 2 others that are whatever the next generation is called, and none of them or any of their friends, or any of the millennials I've worked with need this kind of bs to get or stay involved with a worthwhile community.

I was an oblivion guy myself - nothing like trying to learn how to lock the 16550 uarts for the modems... ugg . As soon as I got that 1st cable modem I never looked back (actually the pipeline dial up I guess was the first)

like I said no harm no foul, I take better than I give most days (tho you've handed me some winners 🙂

Re: CISSPforum replacement

Baechle — Thu, 31 May 2018 22:09:26 GMT

Dain,

@Dain wrote:

Its fine to say hey look at this - its something that builds on / solves problems with the old school, but when this gets dumped on us, and then they say . oh, and we're closing the thing you like in 15 days. Well I have issues with that, I shouldn't be having a discussion about how to fix this, there were no problems with the old one (at the very least as shown by the 35-40 responses to ISC2s announcement that they are closing the old group) . ISC2 wants to be more relevant? A thinly veiled attempt at facebook like is not the way to get there

And really what problems does this environment solve? Seriously? If all the people move over I expect the same sort of things will happen (kudos/badges/or otherwise)

All this does is show isc2 cares nothing about anyone who has already paid for the overpriced test, all they care about now is generating BS metrics, marketing, and pretending to be making a difference in the infosec community.

I honestly think it has to do with GDPR. One of my coworkers (who is in Law School) recently wrote a Note for his journal on it, so I had an ear full of it the last few weeks. Here's what I speculate:

The old group was on Yahoo as an officially sanctioned extension of (ISC)^2, but (ISC)^2 doesn't control Yahoo's data collection policies. Yahoo collects data for all kinds of stuff in excess of "ensuring the basic function of (ISC)^2's CISSP forum".

Short of having a reconcilable contract between (ISC)^2 and Yahoo that limits what information Yahoo collects for CISSPforum members, we have nothing because the old forum goes away in either case. The only sensible thing to do to fix that is to bring management of it in-house. Well, here we are.

I speculate that from the timing between when this Community went live, to the timing of when the old forum was sunset aligns perfectly with the GDPR roll out in the EU.

Sincerely,

Eric B.

Re: CISSPforum replacement

Dain — Fri, 01 Jun 2018 02:26:44 GMT

Maybe, if they had discussed that particular tidbit with the group, I would care even a little. If they had even referenced the possible issues, I might be interested in participating in the conversation to address said issues.

They did not.