Internet Old One
Dec 6, 2021

Coke Adds Life
I just passed my cissp.
So if you’re gonna do this remember that according to the isc2 website their test is going to try and give you questions you have a 50% chance of getting right based on your previous answers and you already have a 25% chance of randomly getting a right answer.

So if it’s assfuck hard and you’re asking yourself what the questions have to do with the study material even tangentially then you’re probably doing good. I had a practice test app that showed what percent of people answered a given question correctly and that would have been a useful feature if I’d bothered to read the isc2 website. And I guess that is about all I’m allowed to say about it.

Internet Old One
Dec 6, 2021

Coke Adds Life

Sickening posted:

What app did you use?

Learn2zapp was the one that showed how well other people scored on particular questions so if you’re passing their quizzes by a good margin and your wrong answers are mostly hard with a few mediums then I guess you’re as ready as you can be.

The thing is all the questions are targeted to have a 50% chance of failure and factoring in the automatic 25% of guessing and often being able to eliminate one or two answers. This means the test questions are all basically nonsense way over whatever you’re actually prepared to answer. I wasn’t thinking like a manager or using a cissp mindset or whatever other meaningless slogans people like to throw around.

I didn’t understand how the test works, so I was basically going through the motions, confident that I failed and skim reading the questions, and I passed at 125 with over 100 minutes left, which I guess is good, but honestly I don’t know how they measured any sort of competency from my collection of quick guesses. Almost none of it was very related to the study materials. I was planning on not retaking the test and just getting something else by the time I finished.

Internet Old One
Dec 6, 2021

Coke Adds Life

eonwe posted:

The thing I'm learning about IT Security so far is how much frustration other IT people view Security with. Which was weird because I always got along with the security people when the shoe was on the other foot. It's hard to convince people their vulnerabilities are important or even real

Every security person I work with is a dumbass that makes my job harder and knows less about security than I do all while being smug as gently caress about it. So I don’t like them.

Internet Old One
Dec 6, 2021

Coke Adds Life

CommieGIR posted:

Security people like this piss me off and make it really hard to work in the field.

I've honestly had to chew quite a few out in my 15 years of doing Security because they openly make it harder to secure things by pissing off the infra or app teams or actively pushing them away and creating strong scenarios for shadow IT.

I think part of the problem is that there isn't really such a thing as entry level security, but that conflicts with corporate notions of career progression, and the sort of people they actually need don't even exist in the sort of numbers required to meet demand.

Internet Old One
Dec 6, 2021

Coke Adds Life
Okta got hacked over and over and their response has apparently been to rectify their stock price with layoffs. Let’s see how that works out trying to secure extremely valuable data for like half of corporate america with 10% less help.

Internet Old One
Dec 6, 2021

Coke Adds Life
Apologize for the weirdness of this post but this is the best place I could think to ask this question in the new lovely internet.

So I’m getting back into information security after decades on the sidelines.
I’m looking to start building out some hacking tools and I even did a PoC of some of these ideas oh way back when before covid.

My question is when you have common scripting languages in windows, do eval() type functions typically get flagged by heuristic detection in endpoint security?

Pretty much every good idea I have revolves around eval, but I can’t be the first to see the utility, and the times I’ve had to use such functions in normal, well written programs I can probably count on one hand, so it might look suspicious.

Internet Old One
Dec 6, 2021

Coke Adds Life

flakeloaf posted:

Yup, the instructor talked about himself and the other jobs he'd had most of the time, between intonations that the exam was too broad to get into in class and that we should read the book and memorize every page on an "inch-deep / mile wide" level, and I decided the money the training budget had burned on this bullshit wasn't worth the corresponding misery of dragging my unmanaged adhd rear end through that kind of studying

Dude what the gently caress is with so called instructors of the infosec industry:

Start paid video lectures with 10 to 20 minutes of self promotion including a brag that they graduated 7 million people.
Next disclaimer that watching their 20 hour series of lectures isn't enough to pass the exam unless you read the entire 800 page official guide. As if I don't loving know that I can pass a test by reading a book.


Earlier this year I took one where the guy introduced himself and went straight into salesman brainwashing affirmations "You made the right choice with this course, this is a good course, I will get you through the exam, etc"

Like 5 minutes later he was going on about how losers don't read the book and get what they deserve. Yep that's a refund you bald jerk.

It was for the Pentest+, not even a hard exam.

some kinda jackal posted:

11th Hour CISSP! That’s the book I was thinking of and couldn’t remember. Thanks. Yeah, that’s what my teacher recommended and I thought it was actually a really really good summarization of the textbook. I’d say I passed on that book alone.

This is the smallest CISSP book that does the job. If you have a feel for IT politics, read this book, and brush up on whatever stuff you don't crush in a practice exam you will pass. The CISSP test is crazy as gently caress though and uses some sort of statistical crap to make sure you always get challenging questions no matter how well you're doing.

So if your questions are all barely comprehensible gibberish, or you're made to choose between 4 wrong answers, you're doing pretty good.

MustardFacial posted:

The CISSP to me is a cert for managers primarily and holds no real day-to-day value.

It's probably the oldest security cert. I suspect the whole "management" thing came later after they needed to differentiate their brand from newer certs that popped up as former hackers and script kiddies started influencing the profession on a much more practical level. Notice there is no M in CISSP but newer isc2 management certs have one?

That said it forced me to learn poo poo I didn't want to learn and definitely helps me understand what management wants.

Internet Old One fucked around with this message at 22:13 on Mar 15, 2024
