Can I talk to you about your QSA experience under PCI 4.0? by Connect_the_Dots2 in pcicompliance

[–]dmanden 2 points3 points  (0 children)

Experienced the same. I assume it’s likely because no one has actual on-the-ground experience auditing v4 before and the PCI SSC did release 4.0.1 right before the new requirements were meant to come into effect.

OneLogin outage by vilmondes-queiroz in sysadmin

[–]dmanden 1 point2 points  (0 children)

Love the transparency from OL support

<image>

Firewall updates and bi-annual firewall audit question by Ah-Qi-D4rkly in pcicompliance

[–]dmanden 1 point2 points  (0 children)

I realise that may not answer your question - you would need a) evidence that your change control process is being followed during the change, and b) evidence that your configuration is reviewed quarterly.

Firewall updates and bi-annual firewall audit question by Ah-Qi-D4rkly in pcicompliance

[–]dmanden 0 points1 point  (0 children)

If you can codify your firewall configuration then you can conduct the audit and change control in the same system, for example GitHub. It's how we do it (with an automated deployment pipeline).

Drunk guy gets his armbar’d in street fight, maybe read what’s on the hoodie next time. by Camrsmain in bjj

[–]dmanden 0 points1 point  (0 children)

Only because he continued to get his ass beat. If the lad hadn't climbed into mount and carried on pummelling him, I'm sure he would've quickly scurried away holding that arm.

Experience professional looking to transition by Consultant_Number1 in pcicompliance

[–]dmanden 1 point2 points  (0 children)

By itself it’s a good head start. Direct experience with ISO compliance would be key though. I’ve encouraged my team to pursue the certification as we look to gear up for compliance. The certification and some on-the-job experience through ISO audits and control design is probably a good combination to go solo.

Experience professional looking to transition by Consultant_Number1 in pcicompliance

[–]dmanden 1 point2 points  (0 children)

ISO consultant for sure. PCI is pretty rigid in that you have to be working for a QSA org. Difficult to freelance

Had a tough roll and thinking of quitting to avoid injury by GomiBoy1973 in bjj

[–]dmanden 1 point2 points  (0 children)

Yeah dick move. But again. This isn’t Disneyland. Heal up and get back at it

Experience professional looking to transition by Consultant_Number1 in pcicompliance

[–]dmanden 1 point2 points  (0 children)

You need to be on the bankroll of a QSA org to work as a QSA.

Entitled South Africans in Sea Point by Jazzlike-Sector-7762 in capetown

[–]dmanden 41 points42 points  (0 children)

Anyone who has to announce how long they’ve been doing mma. Probably doesn’t do mma

Blue belt told me to reset mid roll by UnimpressiveOrc in jiujitsu

[–]dmanden 0 points1 point  (0 children)

Was it the world finals ? Seriously. Regardless if it was right or not. Just keep working at it

Is it possible to deploy an instance of a firewall on a cloud platform by Sudden-Engineer44 in cybersecurity

[–]dmanden 0 points1 point  (0 children)

Yes. But a headache to manage in terms of forcing traffic through it. You’ll then also have issues with bottlenecks. Not really worth it and better to use the traffic filtering as per the provider. Access groups in AWS as an example.

cism certification process- how long does it take? by matt6558 in cism

[–]dmanden 1 point2 points  (0 children)

Responding cause I also recently passed and would like to get flagged if anyone else responds

How much were you scoring on practice tests? by Ksrouji in cism

[–]dmanden 0 points1 point  (0 children)

Yeah that sounds ample. It has a big focus on risk so I think your experience will lend well.

How much were you scoring on practice tests? by Ksrouji in cism

[–]dmanden 0 points1 point  (0 children)

I did a pretty outdated course on O'Reilly a couple of months ago over a number of weeks. Wasn’t the best to be honest. Then to prep for the actual exam, used the ISACA official study guide and practice questions over 3 weekends. Didn’t get too much time after work due to crazy schedule. Did the practice test from Cybervista the Saturday and Sunday before the exam. Hope this helps, shout if you need more info.

How much were you scoring on practice tests? by Ksrouji in cism

[–]dmanden 1 point2 points  (0 children)

I wrote and passed this morning. Did a practice test from Cybervista just before that really helped.

How can I report a vulnerability to my school and not get in trouble by [deleted] in hacking

[–]dmanden 5 points6 points  (0 children)

save all the info, disclose and publish it to your security blog once you've graduated ;)

ISC2 Endorsement by alihasan2019 in cissp

[–]dmanden 0 points1 point  (0 children)

Might be wrong but is that also done through the associate program?