Posts

Certified in Cybersecurity (CC) Exam Review

On February 13, 2024, I sat the ISC2 Certified in Cybersecurity (CC) exam for one purpose: to tell you what I thought of it! First, I must mention that I took advantage of the free exam voucher ISC2 gave away last year. And to those who thought they missed out, don't worry. ISC2 is offering this exam voucher, along with self-paced training, for free! This is part of ISC2's mission to certify approximately one million cybersecurity professionals and break the cybersecurity workforce gap.

The exam is 100 questions (it is not a CAT exam, like the CISSP, which I wrote in 2018, so you can expect to see all 100) and they give you 2 hours to complete it. While I only needed 20 minutes to complete the exam, it was more than enough time for me to provide my assessment.

So what are my thoughts?

• Generally the content was good and scratched the surface on the cybersecurity principles
• Felt like a lightweight version of the CISSP
• Of 100 questions, there were some duplicated eff...

Managing Risk Appetite as a Cybersecurity Professional

One of the questions I am asked the most by my mentees is how to manage risks in their company without taking it personally.

Listen, I get it. It's hard to take pride in something you do and then not think it's your fault when a recommendation you've made was rejected or even ignored. Mostly, these business decisions aren't a means to state that the work you've done had no value; it just means that the organization evaluates risk differently than you. Their appetite for risk, which usually is mitigated with spend, is greater than yours.

Let's say you identified what you think is a critical risk to the business. A hypothetical example would be preventing data leakage from insider threats. You've spent several hours looking over the risk scenarios, mapped out where your gaps are, performed a probability/impact and a cost analysis and know what a solution will cost. However, you are unclear on what the cost of this risk being a reality is. You identifie...