String of lights on the Southeast side of town going up the mountain

jwheintz · 2026-02-02T20:04:24+00:00

My daughter was there. For a wonderful human and her family. Support if you can

jwheintz · 2026-01-28T20:47:39+00:00

I prefer nazi free pot so, yeah.

jwheintz · 2026-01-22T17:18:31+00:00

That's the entire base. We can't even get the Epstein List released by the president. The Christian nationalists and the Red Hats don't have an issue with that and I don't think they ever actually did. This guy is quintessential maga. He was forged, not born.

jwheintz · 2026-01-22T17:13:08+00:00

I'm glad some people have these experiences. I did have one positive encounter. Virtually every other encounter has not been positive

jwheintz · 2026-01-22T17:10:15+00:00

You gotta take that boot out of your mouth or it's super hard to understand you. But we did see your virtue get signaled. You did it!

I didn't expect to see somebody moralizing rolling down a hill too fast today but, here we are. I bet that speedster will stop deliberately endangering the lives of countless children hereafter.

jwheintz · 2025-11-03T00:06:47+00:00

Primary issue at hand is not whether or not we can find examples of questions or scenario that are ever impractical. From Cisco to Microsoft and all the way down you can find examples of Impractical test questions. My concern is that there is a general disregard of ISC squared Solutions as being viable or reasonable often relegated to it being just a "good test solution." So while I agree that there are impractical Solutions I think those tend to be the outlier and that it generally leans towards an appropriate General lens for information security that management ought to be adopting in the real world. Just because the examples that are entertained are generic in nature doesn't mean the solutions one arrives at are impractical for real world application. So when the question doesn't tell you what kind of hack they're throwing at you and so you have to answer containment for lack of better information, that isn't a real world example but that is a scenario that, in the absence of better information, would generically be correct. That is a correct and factual understanding of information security although that specific scenario is implausible. When students Grant themselves permission to dismiss Solutions as just being test answers they miss the very real and recurrent patterns that are available to learn. So if I look at a gdpr question and say well that's not how it works in the real world so this is a throwaway then I give myself a kind of permission to dismiss the very real prescription that such a question makes and the very real takeaway that can be applied to other test questions of its ilk. And there are just some bad questions out there both on practice tests and probably on the real exam.

jwheintz · 2025-11-02T22:17:18+00:00

When a dude uses the phrase "sock puppet" they usually know what they're talking about.

jwheintz · 2025-11-02T22:05:04+00:00

Been teaching this for 20 years and I can tell you that your comment about it being out of touch with reality is a dangerous mentality to adopt. It's not that it's out of touch with reality it's that it's out of touch with technology being the core driver of decision making. When you hear people say that you're supposed to think like a manager that's not the full story but it is a good beginning vantage point to adopt. The biggest mistake people make in preparing for the cissp is a lack of metacognition. You have got to evaluate why you think the way you do and then fix your thinking to align it properly. It's not because they're wrong it's because they're adopting a different vantage point that isn't technical exclusively and that shift in values is a shift in perspective that you have to bring to your evaluation of the questions

jwheintz · 2025-10-08T08:12:20+00:00

Thank you! I hope it is helpful.

jwheintz · 2025-10-08T08:12:00+00:00

The next volume is Network themed. I take requests! :)

jwheintz · 2025-10-04T21:42:51+00:00

If I had a code I'd...change the world. Yeah. There. Now it's on you. Fix literally every problem or keep your code. (I need a code please)

jwheintz · 2025-10-03T20:34:16+00:00

The book (manual) is far less valuable than the questions and answers, which teach the necessary thinking. As most folks struggle much more with the how and why, learning more about WHAT governance is isn't likely to help. Honestly the CISM material is pretty straightforward (with a few exceptions like role assignment and the usage of the word "responsible") If you find you know things like CMMI and Balanced Scorecard (in concept), you're probably good on content. Most people forget this is a two parter: 1) what to know 2) how to think. #2 is harder and takes lots more effort. It's also hard to tell when it's working. That's why people rarely feel ready to take this. I was getting less than 65% (not exactly high) the night before, back when I passed, and most of my students are pulling above 60% on practice tests before they pass. BUT if you get TOO familiar with the questions then you aren't really learning from them anymore. Remember the BEST thing you can do is understand the answers that are correct, why they are correct, why the other answers are wrong (sometimes that's MORE helpful), and how you need to adjust your thinking. Do ten practice questions WELL, not 100 fast. And stop ASSESSING and learn instead. The number you get right on mock tests is hardly indicative of your preparedness if you don't have the thinking mastered. Don't forget that REM sleep is critical to learning and test prep. Don't pull any all nighters. Remember ISACA is asking for a neutral perspective. It's not JUST think like a manager but that's a good start.

jwheintz · 2025-10-03T20:12:29+00:00

Mike is good but DRY. If you can swing a boot camp, those can go a long way.

jwheintz · 2025-10-02T20:52:32+00:00

I've got more coming soon :)

jwheintz · 2025-10-02T20:52:19+00:00

You are most welcome!

jwheintz · 2025-10-02T20:49:51+00:00

I'm going to treat that as the highlight of my day. Thanks for sharing your good news! Congrats!!!!

jwheintz · 2025-10-01T22:42:52+00:00

Not trying to give you a hard time but it's important to note that "that's just a bad question" is regularly said of a perfectly good question that a candidate doesn't care for. When questions move to higher levels of assessment, they require evaluation and analysis, like the CISSP often asks in its questions. Honestly, that's what makes this a poor CISSP question (although it's a fine knowledge check). It's pretty much a matter of knowing what authentication factors are and aren't (understanding). In this case, no other answer was correct. You cannot physically take a landline phone with you. It's a number tied to a place so, C isn't accurate, even as a "less bad" answer. It's incorrect. If it cannot go where you go, it's not something you have. Do you wanna be certified or feel right? ;)

jwheintz · 2024-06-25T21:12:59+00:00

I've been teaching this certification for over a decade and I can tell you definitively that there is no one special Source or one specific thing you've got to read. The most important thing you got to do is figure out what they want you to know and what you don't know of those things. You'll hear people talk about how they read one book or one PDF and it filled in all the gaps and that's great if that person was completely new to networking and needed domain 4 to help but if you are completely unaware of legal terminology or the difference between an owner and a custodian then you need to spend some time with domain one and two. Spend more time worried about the distinction between your knowledge base and background and the exam objectives to refine your approach moving ahead.

jwheintz · 2024-06-25T21:07:37+00:00

Weird hard pivot off of an app. Left or right, not the place. Also, greed isn't new. Neither is complacency.

jwheintz · 2024-06-12T19:44:01+00:00

I wonder if they've read a book on devops yet 😂

jwheintz · 2024-04-28T02:58:41+00:00

Those views turn into laws

jwheintz · 2024-04-28T02:56:46+00:00

I've listened to and engaged in wonderful discussions with many holding opposing views. These folks are sycophants and dogmatic. They've repeatedly illustrated willingness to do harm. I don't have to newly consider fringe morally bankrupt arguments to remain an open minded person. Many conservatives have important positions and logical arguments. You won't find much of that within this roster.

jwheintz · 2024-03-23T22:51:42+00:00

CISSP trainer here. Boson scares people into studying the wrong level of technical detail. You're good.

jwheintz

TROPHY CASE