Why you should sit and study for CISSP

Posted on by

Almost every day I see people on social media whining about the antivirus or firewall being outdated, not working, etc.

This puzzles me.

Logs of these security controls show these controls work just fine. They detect, block and remove a lot of stuff.

Not everything, but lots of it.

This is how security controls work. They cover lots, but not everything.

The fact 0days are being found in the security software does not change the fact they are offering a huge benefit to any organization that runs an open ecosystem (people can install or run code w/o any restriction). Imagine the world w/o them and the internet and all services delivered via this channel collapse.

I start to think that most of people who complain about security controls don’t really understand their function.

Enter CISSP.

I advocate that every single IT security specialist should study CISSP material. You may sit the exam if you want, or not – who cares – but fundamentally, at least eyeball the material to get familiar with the security concepts presented there.

They are the core concepts.

They tell you that the world is NOT perfect and teach you what expectations you should have towards security controls.

They prepare you to recognize threats and manage risk.

They convert you from a techie frog sitting in a comfortable well of your personal interest and hobby into a professional connected to a real imperfect world where shit happens on regular basis, no matter what you do. It’s all about handling it gracefully.

Western Digital Security – a short story of a known password that doesn’t work

Posted on by

This is a short note to anyone who set up their password on their Western Digital drive using the ‘brilliant’ piece of software called WD Security and can’t unlock it, despite knowing the password.

If you know the password, but despite it being correct you can’t unlock the drive, it is possible you are using a very long password, longer than 25 characters. Turns out that when you set up a password the stupid software accepts password of any length, without limits. So, you enter your 30 characters password, set the password, unplug the drive, all happy. Then you plug it in again, provide your 30 character long password and to your horror, it doesn’t work. Try to input first 25 characters and it should hopefully work.

Other vulnerabilities of WD drives here.