Saturday, June 13, 2009

Took the CISM Today!

I took the CISM today. I almost had a "stupid tax" and would remind everyone to sign up for the CISA/CISM/CGEIT with your name exactly as it is on your government ID. I go by my middle name and that almost bit more for the test. Fortunately, I passed the id check fine.

The test itself is a real pain. I primarily used the computer-based questions they sell. I was doing really well on those prior to the test, but the test has too many that are fairly different that it is dangerous to rely just on those.

In fact, I found many of the questions to be very vague and hard to nail down. My experience with the computer-based questions was that they sometimes leave clarifying words out, making for a fuzzy meaning at times. I learned which questions did this, but several on the real test seemed to repeat this pattern, making this a very frustrating experience.

This makes me uncertain whether I passed or not. I finished it in less than 2 hours, but I was uncertain about enough of them that I am not sure how well I did. I could see just going on either side of the pass and fail line or failing spectacularly based on my trouble with reading their intent with many of the questions.

In addition to the fuzziness, I found that I disagreed with some of the questions in the computer practice. I hope I had their mindset when I was taking the test today, but I am not sure.



Saturday, June 6, 2009

I Helped Someone Earn Their GSEC Certification!

I was very excited to find out recently that one of the students in my SANS SEC 401 class passed the GSEC certification that is tied to the course! While I loved our interaction throughout the course, it is great to know that not only did we all learn something over the course of our time together, someone learned enough to earn a very challenging certification!

I won't announce their name here, but I would say an open congratulations and encourage everyone else to consider that same path. The course material is great by itself, but studying for the certification is a great way to solidify the material and also earn something to prove your knowledge at the same time!


SANS 401 - Security Essentials - Mentored Course in December 2009

While it is not completely official yet, I believe I will be doing another SANS Mentored class covering their Security Essentials material late this 2009 and early 2010. It is great material that covers things anyone working in the information security field should know.

Contact me if you live in the Dallas-Fort Worth area and would be interested in attending this course. Also let me know if you have a group that would be interested in a more custom approach. I would be open to doing a more targeted class once I am back on my own in the fall!

This stuff is fun and I love working with others to master it.


I WIll Be Striking Out On My Own

I probably haven't written enough here for anyone to really care, but I have decided to take a buyout/departure offer from my current employer and it looks like I will be back to working for myself/RBA Communications as of this September. I will be figuring out my exact path along the way, but I expect it will include a lot of work on Secure development and especially secure code review. In fact, I think this is an area I am gong to start really pursuing in depth.

I know I am not the only one in that area, but it fits well with my background in both development and now information security/secure development. It is an areas that really needs solid evangelization, instruction and understanding. Since I really do well at communicating, this should be a good fit!

I will be writing more about this in the coming weeks. I am not sure how much posting I will be doing before September, but I am going to try and build up toward very regular advancement of the subject by that point.

I certainly don't claim to be the only voice in the field, but it looks like one that I can be really good at, so it is my aimpoint for now. :)