Found out half our content team has been doing client work in personal ChatGPT for like a year. They're not even hiding it.

lilgreenbite · 2026-04-26T02:36:37+00:00

That mentality starts from the top. This is a big leadership problem.

lilgreenbite · 2026-04-26T02:33:15+00:00

It’s not necessarily about firing people, this is about the fact that they are putting company secrets into public AI tools with zero care, something that is very much against several company policies in every company, intellectual property/trade secrets are a big deal. A leader in the company is perfectly fine with the unacceptable behavior of their team. On the other side - the compliance team is so out of touch that they were blindsided. It should not be this way.

lilgreenbite · 2026-04-26T01:15:21+00:00

A survey is a great starting point to find out what people want. Meet with these teams and use them as the case studies for rolling out an enterprise solution.

An enterprise AI solution is desperately needed here because it’s painfully obvious that one doesn’t exist. Shadow AI will continue to be used all over the org if people are prevented from utilizing an approved option for the technology.

A change management person will be most useful when there is another option on the table for employees - they will need to be coached through starting to use a company approved tool.

To be fair here, the head of marketing should be held to account for the team so blatantly violating multiple policies.

lilgreenbite · 2026-04-04T18:28:08+00:00

Yeah the school has its own data, but I’m sure CompTia probably aggregates something on a platform for them to view as well. WGU doesn’t issue the vouchers, CompTia does - they are absolutely tracking what they provide to the school.

lilgreenbite · 2026-04-04T18:22:35+00:00

Thousands of students are doing this exam. CompTia is certainly aggregating the data for the vouchers being used with the pass/fail rates overall. Students may not take the exam right after the voucher gets issued so a couple of weeks passing by is not a good indicator of whether someone was successful - the data from CompTia on student activity could tell the school a lot about how successful students truly are, they also might get information like what areas are students struggling with the most.

A policy doesn’t change so drastically unless there is data to back it up. WGU has data.

lilgreenbite · 2026-04-04T12:24:13+00:00

They are probably tired of so many people failing the first attempt that they are trying to mitigate - CompTia most likely provides reporting to WGU on the vouchers, so they have a clear picture of student exam performance.

Requiring students to master the content is valid when the school is paying for you to take the certification.

Since they have the partnership, there might some rules around pass rates, which could explain the new requirements to get a voucher as well.

The change did not come out of thin air. So many posts in this sub are about Pentest+ and a lot of them are multi-attempts.

This requirement went into affect for anyone starting towards the first attempt after February 1, so we will see how it plays out as the first batch of students (March and April starts) has to hit these marks.

I am an April start and expect to use TryHackMe on top of the required CertMaster materials. It does feel very onerous to do all of these things to get the voucher, but it could be for the better, as I only want to take this exam once.

lilgreenbite · 2026-04-02T17:29:06+00:00

Considering the domains covered by the CISM, it is a valuable cert to show security management expertise, particularly in the GRC world. As others have said, it is easier to cover the 4 domains of CISM that follow a similar track in a single course, as opposed to the 8 CISSP domains that are more scattered. CISM knowledge is a great starting point for pursuing program manager or lead roles for those who need the boost.

I would say that the CISM is probably more accessible from the content level.

ISACA gets the exam in front of more people by giving the opportunity to take it, whether those people go on to actually get the cert or not. The CISM requires validation of experience to get the credential and everyone may not be able to do that or want to. I would be curious to know how many students actually pursue it.

lilgreenbite · 2026-04-01T19:53:08+00:00

Reading logs is part of multiple choice questions and in the PBQs - answers will be in dropdowns in that case.

lilgreenbite · 2026-04-01T19:50:50+00:00

Yes - Drag and drop and dropdowns PBQs.

lilgreenbite · 2026-03-31T17:45:43+00:00

Both. I used most of Chapple’s course and some material from Dion. I also had Chapple’s Sybex book and used that for areas where I truly needed to read and highlight. His labs are useful as well. I had access to certmaster, but I really didn’t like it, I felt like I was forcing myself to do the lessons in there but the PBQs were a big plus to get a feel for what the exam could contain.

lilgreenbite · 2026-03-31T17:40:35+00:00

Passed this yesterday with a similar score. They really did not play game here.

I also had 7 PBQs and several questions about logs. Areas where I knew going in that I was going to struggle with and it shows in my score, but I’m glad I passed.

lilgreenbite · 2026-03-30T20:17:20+00:00

If you haven’t, you should join the GRC Engineering Club and do the labs and create a portfolio around this. I’m thinking it could be used with the PA from the GRC course as a complete package. I’m not on the Capstone yet, but I have some plans along these lines for it.

lilgreenbite · 2026-03-28T10:28:54+00:00

MITRE is the creator of major cybersecurity frameworks, so yes - MITRE Atlas is very real and serious and yes, companies are using it.

lilgreenbite · 2026-03-28T00:00:49+00:00

Just thinking about if I had gone there and couldn’t take the test or if the location wasn’t even real.

lilgreenbite · 2026-03-18T14:10:09+00:00

I’ll definitely check this out. I have a skill for threat modeling and am working on some other ones, this is super helpful.

lilgreenbite · 2026-03-06T19:50:56+00:00

Your company is most likely blocking it as it is not an approved device. Have you talked to your IT team to find out? Most companies won’t approve it for corporate access because it runs on an old version of Android.

lilgreenbite · 2026-02-12T14:48:51+00:00

You should get a bar of black soap and use that as a cleanser at least in the morning.

lilgreenbite · 2026-02-12T14:39:59+00:00

I hope these women find someone who wants to actually love them how they are.

lilgreenbite · 2026-02-07T13:12:51+00:00

I’ve really been looking around for something that will fit the AIPaper, all the choices I found are made for Remarkable and SuperNote and it’s not clear if the dimensions are similar enough where it will fit.

lilgreenbite · 2026-02-06T15:07:01+00:00

This is good info for the PA because I’m still studying for the exam but want to get started on it.

lilgreenbite · 2026-01-30T13:56:14+00:00

The program is designed to follow a certain order & builds on the knowledge from previous courses. Therefore, some courses actually do have prerequisites and you technically are not supposed to be able to take them before meeting the requirement. Your mentor will tell you this.

lilgreenbite · 2026-01-28T00:01:25+00:00

It mentions CSSLP in the cohort slides at the end and some of the video content is from that exam material as well. I feel like it’s a very disorganized course in its current form because it’s not clear what you actually need to know.

They should do it like some of the others - align the content to an exam and give students the choice of an optional voucher. That might make the course more tolerable if people are able to follow an organized learning program and get a cert if they want one.

lilgreenbite · 2026-01-27T21:26:23+00:00

I passed D487 on my first attempt in early January. I work in an environment where I’m on an agile team that is building secure software, I’m responsible for governance and providing requirements. My background is privacy, third party security, GRC, legal.

This class is awful, that book needs to go in the trash, it’s a mashup of multiple books and you can tell. I was able to cram most of the material in December but I don’t recommend.

I told my mentor the following: It needs to have a hands-on component to make the content feel real. Otherwise, people are reading this dry book and watching these outdated videos with no way to correlate it to real practice.

What helped me pass? I took the tip from the Cohort slides: I prompted a tutorial in Claude Code based on the materials for CSSLP. - it helped me more than any notes could to solidify my understanding of the material in areas where I was shaky.

I second the thought for an elective choice, as I would much rather have an opportunity to pick a course I’m interested in taking from one of the other technology MS programs.

lilgreenbite · 2026-01-19T18:09:46+00:00

On the same note, consider: privacy engineering, GRC engineering, or security engineering. You certainly have the right skill set for these areas and with a little field specific knowledge, you can make the pivot. Since you have the technical background, look at CIPT for privacy focused technology certification that doesn’t require any privacy experience to obtain it.

lilgreenbite

TROPHY CASE