In January 2012, some fairly sensational news stories were published about a major data breach at City College of San Francisco. According to the early reports, tens of thousands of student records may have been compromised. Even more interesting, the reports said that some systems may have been infected for over a decade and that there were connections to China and Russia. While the reports were interesting, they were short on details and I hoped to eventually read more after the school had some time to sort things out.
In May, the CTO of CCSF was suspended at least in part for his reaction to the breach. The Guardsman, CCSF's newspaper, published a series of articles that described controversy within CCSF over the handling of the breach, the CTO's management and accusations that the breach was a false alarm.
The CTO's tenure sounds like it was a disaster. It's also full of lessons for IT and security managers.
Wednesday, November 28, 2012
Wednesday, November 21, 2012
Wrapping up 2012
I've been really busy lately so I haven't blogged much. Things are coming together pretty well here at the end of 2012. Here's what's happening with me.
This summer, I won a free trip to Fishnet Security's iSWAT training event in Las Vegas through The Ethical Hacker Network. I decided to take the CISSP review course. I've been meaning to take the CISSP exam for a while, but it's been hard to find time to study since I'm working and in school full-time. There were only three of us in class, but it worked out really well. Instead of sitting in rows and listening to the instructor drone on for hours, we sat around a conference table and actually discussed things as we went over them. Many of the discussions went well past what we needed for the exam, but I enjoyed the hell out of it. It's not often that I get to spend an entire day talking about security.
My only complaint is that Fishnet was supposed to reimburse me for the CISSP exam (it was part of the package). I was told a month ago that my reimbursement was being processed, but I haven't heard back and I haven't received anything.