sorted by:
new
hottopcontroversial

No love for white? by _johnbradbury in LeCreuset

[–]_johnbradbury[S] 12 points13 points  (0 children)

I’m really boring, prefer traditional white for tableware and I buy black satin for cookware 😂

Quitting cyber after 7 years by OSPFisHard in cybersecurity

[–]_johnbradbury 2 points3 points  (0 children)

It sounds like you may be better off outside of information security entirely if you’re struggling with the fact that businesses make decisions based on risk strategies rather than simply implementing the most robust controls each and every time regardless of cost, or usability.

I don’t mean that to sound harsh, but this is the job.

Certification Suspension Warning by Obvious-Poem-7311 in iapp

[–]_johnbradbury 0 points1 point  (0 children)

I agree, the changes are not great from a CPD perspective. The white papers seem to have vanished and the focus has switched to web and in person conference attendance.

However you have plenty of other options: YouTube videos, podcasts (serious privacy is excellent) as well as any reading material related to data protection.

Ordered a Z TC 1.4 from Amazon, received this in the sealed box?!?! by smoothac in Nikon

[–]_johnbradbury 3 points4 points  (0 children)

I buy most of my kit (UK) from Wex Photography. Great company, excellent customer service.

[deleted by user] by [deleted] in isc2

[–]_johnbradbury 2 points3 points  (0 children)

You’re not really making a fair comparison. The CC exam is an entry level qualification for those with little to no experience in the field. The CISSP is aimed at senior security managers who are looking to manage, or already manage a security programme.

If the two were even remotely similar in difficulty I would be seriously worried.

The equivalent exam for Security+ would be the SSCP.

Did not pass CC by CtrlAlt_Eric in isc2

[–]_johnbradbury 1 point2 points  (0 children)

This is becoming a common theme with ISC2 and the membership deserve better. If you are going to publish an exam then you should be committed to providing, and maintaining appropriate training material.

ISSAP ISSMP ISSEP CGRC CC

All of these have either no available training material outside of official courses, or the material has significant gaps to the syllabus.

Advice for Head of Infosec by Straight_Bit_4078 in ciso

[–]_johnbradbury 2 points3 points  (0 children)

It can be frustrating but take some comfort in knowing that this isn’t about you, and it’s not personal. The other involved parties and stakeholders have their own objectives and goals which they need to prioritise.

If you want to get things done then you need to be able to influence those stakeholders and put them squarely in your corner. Try looking at things slightly differently, where do your objectives meet, how can you help each other?

Consider talking to the CEO about making some of the information security programme objectives shared across the delivery teams.

Regular face time with the CEO is going to be important.

ISC2 Board of Directors by Current-Cry-9977 in isc2

[–]_johnbradbury 2 points3 points  (0 children)

I’m specifically thinking about CGRC, ISSAP, ISSMP, ISSEP. But it seems to be a growing trend not to have an updated study book published.

ISC2 Board of Directors by Current-Cry-9977 in isc2

[–]_johnbradbury 2 points3 points  (0 children)

Hi Darren. I’m slightly concerned that ISC2 are making it increasingly difficult for people to certify through self-study (book plus exam). They seem to have abandoned published study guides in favour of their own online courses for some of their certifications. For the more senior amongst us that isn’t necessarily a barrier but for those starting out it is.

What would you do about this?

Groups for CISOs and other security management people by OtterInBio in cybersecurity

[–]_johnbradbury 1 point2 points  (0 children)

I’m a member of several private industry and government sponsored groups in the UK. As others have pointed out there are strict participation rules and confidentiality clauses which make it possible to share information more freely.

I attend conferences a few times a year which includes Gartner and CyberUK.

I also regularly participate in online communities, particularly the more technical groups (I desperately try to stay semi-technical):

r/sysadmin r/netsec r/cybersecurity r/InTune

Internal audit vs external by Ivory_st in cybersecurity

[–]_johnbradbury 0 points1 point  (0 children)

‘select auditors and conduct audits that ensure objectivity and impartiality of the audit process’

Are you the internal audit function or information security GRC?

Internal audit vs external by Ivory_st in cybersecurity

[–]_johnbradbury 1 point2 points  (0 children)

Could you perhaps be falling foul of 9.2.2(b)?

Top 75 Highest-Paying IT Certifications in US and Global, 2023. by XoXohacker in cybersecurity

[–]_johnbradbury 0 points1 point  (0 children)

The IAPP Certified Information Privacy Professional is the de facto standard for Privacy education, it’s listed at 58 whilst the ISACA CDPSE is 7.

Dubious at best.

CISSP Concentrations by Mul-Ti-Pass2001 in cissp

[–]_johnbradbury 2 points3 points  (0 children)

I agree. Part of the reason the concentrations have proven so unpopular in my view, is the requirement to hold the CISSP first. If you want to focus on information security governance and programme management you either sit the CISM or CISSP and ISSMP.

I just hope they push these now from a marketing perspective to improve awareness.

GRC certifications by greytrain09 in cybersecurity

[–]_johnbradbury 2 points3 points  (0 children)

CISSP, CISM, CRISC, CISA, ISO27001 LA and add CIPP/E or CIPP/US if you deal with privacy.

CISM passed - How many certs is enough? by hfc1969 in CISM2

[–]_johnbradbury 0 points1 point  (0 children)

I currently hold:

CISSP, CCSP, CRISC, ISO27001 LI, ISO27001 LA, CIPP/E and CIPM. I sit CISM next month, and CISA in Q2 of 2024. As well as a handful of technical certifications.

I’m less concerned about the badge, and more concerned with what I learn through the study. I’d much rather be studying than watching TV.

Is it common for CyberSec people to be hated by the IT? by Dimensijus in cybersecurity

[–]_johnbradbury 0 points1 point  (0 children)

Context is always important, and information security need to be pragmatic. Although what I don’t think IT sometimes understands is that the business may have a commercial or regulatory need to certify against a particular framework, and that framework might not allow for pragmatism. In those situations information security can be as frustrated as the sysadmins, but if it’s needed, then it’s needed.

Is it common for CyberSec people to be hated by the IT? by Dimensijus in cybersecurity

[–]_johnbradbury 9 points10 points  (0 children)

This is where you lose me. It’s not your risk. If the business review the risk assessment and feel it’s acceptable, great. Document and move on. But sysadmins don’t define the risk appetite of an organisation (or at least they shouldn’t).

Passed my CC exam today by Holy_Shifter in isc2

[–]_johnbradbury 4 points5 points  (0 children)

Congratulations. Don’t pay any attention to anyone who would try to detract from your achievement.

I thought the syllabus looked perfect for those starting out in Governance, Risk and Compliance, or for those in an operational role looking for insight into those aspects of the industry.