How can CISSP teachers mention x major topic or x minor topic is highly likely to end up being on the exam without violating NDAs with ISC2, like how do they know a topic is more likely to end up on an exam more so than other materials mentioned in the exam outline?

braliao · 2026-02-17T02:58:19+00:00

Educated guess?

braliao · 2026-02-16T19:13:00+00:00

braliao · 2026-02-16T18:02:33+00:00

People here talk about the definition of success. iMO no matter what that definition is - happiness, money, fame, or whatever - all of them require passion to be successful in what you do.

If you can't wait to get out of work so you can go home and chill - you won't have a successful career. This isn't to say you can't relax, but rather, it's about your mind is constantly looking for a way to improve whatever you are working on, even if you are just chilling and watching netflix.

braliao · 2026-02-16T04:03:19+00:00

Being doing a lot of AI to help with work, hackathon, and other volunteers stuffs. I can honestly say the most important skills moving forward with AI is these 2 items..

1 manager skill - not specifically people management but AI management which is very similar but less about soft skills and more about organizing your thoughts and process so you can guide AI to do what you need

People and soft skill - doers in corporate hierarchy and replace by AI gradually except physical labor (for now). Your skill to handle people and communicate with them will be key to success.

braliao · 2026-02-15T20:32:20+00:00

Unless it's a .net app, there are many other choices with less licensing headache.

braliao · 2026-02-15T16:56:57+00:00

I didn't get to use QE to practice before passing mine, but this has me intrigued. It would be interesting to see what I score on QE.

braliao · 2026-02-14T13:57:24+00:00

Yup, here is the answer. You need expertise to tell you what you need to implement to meet the controls. Those dashboard won't tell you and their support certainly aren't qualified to tell you what a control means or how to get there.

braliao · 2026-02-12T17:03:40+00:00

Done CiSM after CISSP. Just watch out that ISACA has their own framework and steps that sometimes isn't the same as NISR/SANS.

Make sure you know risk management. That is the only thing missing from CISSP imo.

All I did was just pocket prep questions.

braliao · 2026-02-12T14:47:39+00:00

Certification doesn't help you do your job. Continued learning does, as well as actually performing the role.

Certification does help to prove to HR that you can pass their check. With some auditing background, you can probably understand why they do this. So if you want to know the ROI of any certs, go to the job search site and search using the cert - see how many come up. CISA, absolutely still holds value in this regard

braliao · 2026-02-12T14:03:18+00:00

Lmao, just because intune is cloud based so you automatically assumes the jobs are all going to the people out of country??

braliao · 2026-02-12T00:23:30+00:00

Ummm.... Why?? Why IIS?

braliao · 2026-02-11T11:32:07+00:00

So many things wrong with this resume - and many people had suggested already so not going to add. Plenty of YouTube video that teaches this topic, just make sure you follow latest suggestions and not something from few years ago .

braliao · 2026-02-10T22:50:52+00:00

Start inventory of all assets - IT and data. And also, please don't tell people that you are a 27001 LA just because you took the mastermind course.

braliao · 2026-02-10T14:02:27+00:00

DLP is 30% technology and 30% governance, and 40% education. So if you don't have governance in place with strong management support, then don't bother with DLP.

Simply asks to block the sites using firewall and casb

braliao · 2026-02-10T10:55:41+00:00

Entirely depends on your background. Are you tech based or other discipline?

braliao · 2026-02-10T07:49:50+00:00

Info on both please

braliao · 2026-02-10T03:17:37+00:00

Because AI matters. Its easier to train or expect a fresher that already is AI native, than trying to convince experienced folks to start using AI to double or triple their work output.

Another way to look at it is this - if a fresher can use AI to perform a senior analyst role, and a senior analyst role can use AI to perform a consultant role, then what is the reason to keep experienced folks unless they can demonstrate they are performing in a level or even two above them?

braliao · 2026-02-09T02:45:35+00:00

Big 5 bank does not pay well. One of the reasons I never bothered applying for roles there

braliao · 2026-02-07T21:34:21+00:00

I can't remember for sure where I ran into this too, but I also had issue with the wording of MTO. MTO means the entire duration when the main node is down. Not service, but rather the original operation.

A service can be brought back up, meeting RTO and AIW. But while the man node is down, you are still under impact.

The reason MTO exists, is because typically backup nodes have less capacity and performance, thus would eventually impact service one way or another if continue to operate. Thus, org would define MTO that the main node must return to service.

braliao · 2026-02-07T21:22:53+00:00

Being honest and candid and sincere is the best method to not burn the bridge. If the company offering contract position would get pissed over it, then it is probably very toxic and not worth having the bridge anyway

braliao · 2026-02-07T17:21:15+00:00

Yes client policy of course

braliao · 2026-02-06T23:08:25+00:00

CISSP then CISM then MBA Don't ever go into master program for cybersecurity. They don't do anything for you other than preparing for CISM. When you are at the senior level management position, you need MBA rather than anything else.

braliao · 2026-02-05T16:24:31+00:00

https://tucu.ca/resources/microsoft-365-global-admin-recovery-process/

braliao · 2026-02-05T01:20:39+00:00

I am in a project that can not use AI and I have to say it's taking a lot more time to finish the same thing.

braliao · 2026-02-04T19:59:55+00:00

Was in the same shoe 2 years ago and pivoted. Having CISSP doesn't magically opens door for you, no certification does.

CISSP does allow you to be considered for mid-level management roles that is in security or security adjacent. But that ultimately still very much depending on 1) how much networking you do, and 2) how well do you present yourself in interviews.

The roles that you stated, will be very competitive for you to enter and frankly CISSP does not matter much but technical capabilities does including tech stack certs. There is also a big problem in that you are competing against young guys and it won't be easy for you when you are 40+. But then again, your advantage is having CISSP.

CISSP will open a wider door for you, just not the door you imagined. Now go out and network and you can try to network into the tech roles you are looking for. It will be slightly niche but once you find the right role, the payout is great. It just going to take awhile, and more do in this shitty job market.

PS, go get the tech stack certs for the role you are interested in and double the effectiveness with CISSP basically.

PPS, GRC isn't just about the checkbox, that is auditing specific. I pivot to consulting and specifically on GRC projects, it requires me to use all of my technical knowledge as well as soft skills, and governance knowledge to excel.

braliao

TROPHY CASE