If you couldn’t guess by the title of this blog post, I have indeed passed my CISSP certification exam (phew). I always reserve my judgement on the usefulness of particular certifications until I actually sit down and attempt them (unlike some people in the industry — you know who you are). Was it worth it? I believe it was. Due to the scope of the exam I forced myself to learn aspects of security that I had neither the reason, nor the desire, to understand. I feel that I have grown as a security professional because of my studies and hope that I can help others with the things that I have learned.
I’d like to give a shout out to those people (you know who you are) who either helped me or reassured me that I would succeed. Thanks everyone!
My friend and colleague Rebecca Herold has graciously invited me to contribute a section on Detective Controls: Effectively Using Logs to her upcoming book, the Encyclopedia of Information Assurance (AUERBACH, ISBN 1420066757). I have humbly accepted and look forward to contributing to what sounds like a fantastic resource for the security community.
To my surprise, a conversation that I had with Ellen Messmer, of Network World, evolved into an article entitled the 6 burning questions about network security. We talked for a good 30 minutes on virtualization, where it’s at, and where it’s going. From the article:
Some security vendors are convinced that the main VM software developers are in such a rush to get their products out to grab market share that as Andrew Hay, product program manager at Q1 Labs, puts it, “security is an afterthought.”
Hay notes there’s no Netflow-enabled virtual switch to help with activity monitoring. “You’re creating a separate network that happens to reside on a box,” Hay says. “But no one pushes for flow analysis in the virtualized world.”
Should all this stop IT managers from going virtual? The bottom line, according to Hay: “It would be best to research your options before going full tilt.”
You can check out the full article here.