As the leading organization in computer security training, the SANS Institute is known for providing intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks.
We also develop, maintain, and make available at no cost the largest collection of information security research documents and whitepapers about various aspects of information security and operate the Internet's early warning system - the Internet Storm Center.
At the heart of SANS are the many information security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community.
"Cyber Rosetta Stone": a useful idea, supported by a great analysis work. The standards comparison and categorisation is awesome, and throws light into how complex our industry is becoming.
32:06 This was published in 1984. That’s 30 years ago. And yet we are where we are. What happened? Sheer stupidity doesn’t provide a credible explanation given that there are enough people who are intelligent enough to understand. The only other possible explanation points to ill intent. The same with this cloud stupid madness. Even if I could create something-anything, I won’t. Ever. One has to be utterly irresponsible to put anything in the hands of criminals even if they are disguised as defenders. Do you understand?
I would argue that recovery has no place within blue teams. The cyber incident management being referred to here involving recovery is training for ISOs and business continuity. At a certain scale NIST 800-61 is absolutely essential to sec im and keeps an official record solid for regulatory proof. While I see where you are coming from, this becomes mom and pop vs large enterprise reality.
45:20 Listen. You seem to be a decent man and a very good teacher, however… If their stupid incompetence affects me, I can’t be chilled about it, can I? If I were just an external consultant, it would be probably easier. But if my job in that company is at risk and/or if my data is at risk because an idiot up there can’t be bothered… Houston, we have a big problem. And, by the way, this typical Western type of mentality is one of the main causes for the demise of the West.
This is so appalling that I had to come back to it. I have a question. Do the candidates know that they are subjected to a psychometric test? Presumably not. How does it fit then with Data Protection/GDPR and other ethical considerations? (Not that anyone is bothered by law or ethics. I am an idiot, I know). It’s hacking into their minds. Listen. I don’t know who the hell you are and why you are doing this, but if you put my account on a RU-vid clone, have the minimal decency to, actually, do a fucking proper job and throw a reply to my comments now and then (hopefully with something intelligent and useful). Morons.
35:35 Thanks for the tip. If I ever take this test that is obscenely expensive (who can afford it in their first five years of IT work?) and run by robots (because these days humans are unable to think and exercise sound judgement), I will read some Marcus Aurelius in the morning to get in the appropriate mood. I had a look at some questions on an IT website and the first one was ‘Which factor is the most important item when it comes to ensuring security is successful in an organization?’ to which, at least according to this seemingly reputable website, the correct answer is ‘Senior management support’ instead of the common sense one which is ‘Security awareness by all employees’. Not even the highly dubious excuse that this is a ‘research question’ would be good enough for me. Why? Because any test should primarily be about teaching the candidates and improving their practice. Even if they fail, they will know more. But no. This overhyped test not only confuses them with the so-called ‘research questions’, it also deprives them of the opportunity of pondering on relevant issues (because it stops when the bot decides so) and doesn’t provide them with at least an indication as to why their answers were wrong. It doesn’t help their professional development and can have a devastating impact on their self-esteem. All the administrators want is for the bot to tell them who is worthy of having this certification. Its very purpose is selfish and counterproductive. It is rubbish. How it got to have this aura of excellence is beyond me 😃
30:10 I think you may be a little bit economical with the truth here. Are you sure that the questions with the obviously wrong possible answers do not test something else (such as resilience when faced with frustration/cognitive dissonance and suchlike)?
Great overview. I regularly have the 'IM or IR' question raised to me, and this sums up the answer perfectly. Having also attended LDR553, I can say it's an awesome course.
There are 2 types of people. Grateful people with a positive mindset, who are willing to learn and who will pass the CISSP. Then there are people who complain about microphones which are of adequate quality for the purpose, whilst people were working from home during a global pandemic.
I am 95% sure I know how Lockbit was caught. Ryan, I would like to discuss my opinion with you privately. Let me know a good means of contact! Would love to have a chat