Slashdot Mirror


Physical and Network Security Merging?

MonMotha writes "CSO reports that physical and network security may be merging in an effort to eliminate redundant jobs, create a more secure security plan, and make security procedures more standardized across the company. This would seem to be a logical step forward as businesses become more and more dependent on their computers, and as the old adage goes, an attacker with physical access already has you owned."

132 comments

  1. this scares me by GoatPigSheep · · Score: 5, Funny

    does this mean we are going to be giving network admins guns? I don't really trust those guys, with all their quake playing and all.

    --
    GoatPigSheep, the 3 most important food groups
    1. Re:this scares me by Idarubicin · · Score: 4, Funny
      I don't really trust those guys, with all their quake playing and all.

      It just means that they'll be really enthusiastic at their jobs.

      Though to be on the safe side, it might be best to limit their caffeine intake.

      --
      ~Idarubicin
    2. Re:this scares me by Jester998 · · Score: 2

      To all the HHGttG buffs... wouldn't this remind you of the "Second Officer" (IIRC) of the Golgafrinchans? :)

      - Jester

    3. Re:this scares me by Anonymous Coward · · Score: 0
      Misprint: the above +5 post should read, (Score: 2, Chuckle-inducing)

      Everybody repeat after me: "Score: 5" should be rare.


      Hey Taco, how about log(percentile) ranking? That would rock.

    4. Re:this scares me by Anonymous Coward · · Score: 0
      Not the way you think:

      But it does mean that, whatever machine you have locked up and guarded in your newly-centralized computer room, its color will be blue and it will have the letters "IBM" written on it!-))

      Welcome to the second mainframe era.

    5. Re:this scares me by Anonymous Coward · · Score: 0

      Let me get this straight. You want to give the admins guns, then try and take away their caffeine? So how long have you had this suicidal urge?

    6. Re:this scares me by Anonymous Coward · · Score: 0
  2. This sounds like by Anonymous Coward · · Score: 0


    Microsoft's Brainchild Palladium.

  3. physical security? by Gizzmonic · · Score: 3, Funny

    I guess I'm gonna have to start ripping CD's off from the store instead of stealing them online. After all, if they're gonna replace their security guards with fat, pimply-faced l33t h4x0rz, I probably have a better chance outrunning them...

    --
    (-1, Raw and Uncut is the only way to read)
    1. Re:physical security? by 0xdeadbeef · · Score: 1

      "Oh, great, another one's running..."
      "Hold on, I got it... *BANG*"
      "Head shot, nice."

      Actually, I imagine the only change this will make to the status quo is an explosion in the amount of "hidden camera" pr0n available in the Gnutella network.

    2. Re:physical security? by LittleGuy · · Score: 2

      After all, if they're gonna replace their security guards with fat, pimply-faced l33t h4x0rz,..

      Hmmm, I wonder after the commentary on the thread for FBI Hirings/Physical Requirements we might be hearing a "HA-hah!" from beyond by J. Edgar Hoover.

      --
      Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
    3. Re:physical security? by steveg · · Score: 1

      Hmm. You must have different security guards than any I've ever seen.

      In my experience, the most roly-poly chairbound computer nerd could probably run circles around the average security guard.

      --
      Ignorance killed the cat. Curiosity was framed.
  4. a secure job... by danimrich · · Score: 1

    Then, it'll be really difficult to fire network operators!

    --
    where's all that Karma?
  5. One Caveat by wirefarm · · Score: 4, Funny

    If your boss comes to the server room and hands you a badge and a gun, please *try* to take it a bit easier on the caffeine...

    (Maybe they should also ban FPS gaming during work hours too...)

    --
    -- My Weblog.
    1. Re:One Caveat by thefalconer · · Score: 1

      Why ban FPS's during work? If they give you a gun and a badge and a bad guy comes walking in you will have a very real and very instantaneous FPS. :) Only problem with that is, you get fragged, you don't respawn.

    2. Re:One Caveat by Anonymous Coward · · Score: 0

      I think U R TEH SUX made a mistake in this thread. I'm sure he meant to reply to you.

  6. Oh oh by rbanzai · · Score: 1

    If my CEO reads the article I'm going to wind up getting locked in my server room!

  7. Isn't this obvious? by Taylor_Durden · · Score: 1

    I'm glad the so-called network 'experts' have realized they not only need to keep their systems digitally secure, but also physically secure. Either sysops are dumb, or this is just a stupid submission slashdot put up because they needed an article.

    1. Re:Isn't this obvious? by dirvish · · Score: 1

      One vote for the stupid submission option. Any decent sysadmin already knows physical security is important.

    2. Re:Isn't this obvious? by MonMotha · · Score: 3, Insightful

      I think the idea was not that sysadmins don't know that physical security is important, but rather that they don't have direct control over the physical security of their systems sometimes.

      If the local IT security guy/gal gets privileges on the physical security side, he/she can do a much better job of keeping the systems physically secure.

    3. Re:Isn't this obvious? by Anonymous Coward · · Score: 0

      Most serious companies already have a secured datacenter so why is this even an issue?

  8. Problem by Anonymous Coward · · Score: 0
    The problem with merging the two types of security is that IT security experts are highly intelligent, educated individuals, whereas camera-watching doormen/rent-a-cops are slack-jawed subliterates.

    The two groups will barely be able to communicate, let alone work together.

    This is like saying we should merge parking lot attendants with people who maintain the computer system that operates an automobile assembly line, since both jobs involve cars.

    This harebrained scheme is just some wannabe-visionary management consultant's cost-cutting idea. NEXT!

    1. Re:Problem by chill · · Score: 3

      The slack-jawed rent-a-cops aren't the ones who DESIGN or DECIDE on physical security -- they are a facet of the implementation.

      Think of them as a crude firewall.

      The article was talking about merging the decision making and responsibilities at a higher level. It was NOT talking about giving PCs to rent-a-cops or guns to sysops.

      Actually, most network admins I know ALREADY own guns.

      --
      Learning HOW to think is more important than learning WHAT to think.
    2. Re:Problem by sbjornda · · Score: 1
      Actually, most network admins I know ALREADY own guns.
      What part of the world do you live in? I want to make sure I avoid it on my next vacation; it sounds pretty uncivilized.

      .nosig

    3. Re:Problem by chill · · Score: 1

      Orlando, FL -- the number one vacation destination in the world. Thus, your personal boycott won't be noticed as we have plenty of others vacationing here.

      --
      Learning HOW to think is more important than learning WHAT to think.
    4. Re:Problem by sbjornda · · Score: 1
      Orlando, FL -- the number one vacation destination in the world. Thus, your personal boycott won't be noticed as we have plenty of others vacationing here.
      Chill. I wasn't proposing a boycott. It's really simple. I'd rather take my family to a place where sysadmins (a rather innocuous occupation by and large) don't feel so unsafe that they need to own guns. Perhaps I'm naive, but I had no idea that Orlando was that way. There go the Disney World plans. Do sysadmins in California face similar problems? I'm thinking of Disneyland. Maybe we'll just go to France; I've always wanted to do that too.
    5. Re:Problem by chill · · Score: 1

      Owning a gun has little to do with feeling safe. It is a Constitutional Right in the U.S. and one that I enjoy exercising. It is also a matter of being able to defend oneself if necessary. Just because I like being prepared means I live in fear.

      Just to play it safe, yes the 2nd Amendment refers to PERSONAL weapon ownership and not just State run militias. The published writings of many Founding Fathers (Washington, Adams and Jefferson for starters) directly addressed this issue.

      Keep in mind "Geeks With Guns" was, I believe, founded in California. Many a Linux Expo/LUG has ended with a decent sized group heading off to a range to fire off a few rounds.

      --
      Learning HOW to think is more important than learning WHAT to think.
  9. Somewhere, a BOFH is smiling.... by wowbagger · · Score: 5, Funny

    I cannot wait until the Bastard Operator From Hell gets in on this....

    1. Re:Somewhere, a BOFH is smiling.... by PerryMason · · Score: 1

      Today's excuse -

      "Do you feel lucky......well do you punk?"

      --
      "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
    2. Re:Somewhere, a BOFH is smiling.... by alizard · · Score: 2

      You won't have to. If I can't find the BOFH's e-mail address, a friend of mine does have it over in NZ. The bad news... he's in a place where guns are banned... but if the Feds wherever he is can be convinced that network and physical security should be combined, that may not be a problem.

  10. Bad idea by techmuse · · Score: 5, Insightful

    I do network security for a living. I also know the physical security people in my company. We have completely orthogonal skill sets and cultures. Most (non-guard) physical security positions require knowledge of police work, evidence handling, physical monitoring equipment, etc. (Good) Network security requires advanced understanding of network theory, operating systems, programming, algorithms, network protocols, etc. It's not about watching an intrusion detection system all day. It's about influencing how programs and entire systems and networks are designed and operated, outthinking attackers, and so forth.

    1. Re:Bad idea by GigsVT · · Score: 1

      require knowledge of police work, evidence handling, physical monitoring equipment, etc.

      All those skills are required to do proper computer forensics also, especially if you ever expect to be able to press charges. You at least need to know enough not to destroy the chain of custody, or change vital information by rebooting a server before collecting data, things like that.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    2. Re:Bad idea by GC · · Score: 1

      Your company actually has people looking after physical security? (non-guard).

      How many people work for said company?

      My understanding is that in most companies less than 4000 employees worldwide there isn't really any physical security, except perhaps a "Facilities Manager" and a load of useless "Security Guards".

    3. Re:Bad idea by linzeal · · Score: 1

      Exactly, this is not going to work out unless 99% of all physical security is automated and then I would worry even more.

    4. Re:Bad idea by Anonymous Coward · · Score: 0

      It really depends on the type of work done. My company does manufacturing in-house, and needless to say we have some sketchy people walking around that do the line work. You'll never see the guards in my section of the building, though.

    5. Re:Bad idea by swb · · Score: 2

      4K workers is a lot, especially if they're at a small enough number of sites to have over 1k employees per site.

      You'd think in that situation that there would be enough turnover or risk to hire somebody with a security background to monitor the security systems (alarms, cameras, card-key systems).

      And a lot of places sell or work with valuable, high risk or dangerous materials (weapons, drugs, precious metals & gems, chemicals, radioactive materials, etc). I'd imagine that insurance would demand a more rigorous security situation than property-management supplied "security" (which really are nothing more than rent-a-suits).

      Although even for plain-old big buildings, what kind of security do you *want* other than security guards (and the usual card-access systems and cameras)? Ex-Mossad guys with MP5s, German Shepherds and "interrogation" rooms?

      Maybe I'm just security unaware, but it strikes me that you can take a long walk down a paranoid road for little purpose...

    6. Re:Bad idea by Col.+Panic · · Score: 3, Informative
      If you want a CISSP you will have to learn something about physical security. You will also have to learn about all the other parts of the CBK, including:

      Access Control Systems & Methodology

      Applications & Systems Development

      Business Continuity Planning

      Cryptography

      Law, Investigation & Ethics

      Operations Security

      Physical Security

      Security Architecture & Models

      Security Management Practices

      Telecommunications, Network & Internet Security

    7. Re:Bad idea by AftanGustur · · Score: 2
      We have completely orthogonal skill sets and cultures.

      Yep, it's sometimes referred to as left-brain and right-brain people.. There are such fundamental differences in the skill sets of those people that giving all the responsibility to one person will lead to reduced security. I can't understand who ever came up with the idea of combining the two?

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    8. Re:Bad idea by _Sprocket_ · · Score: 2

      Sure - physical security is a part of information security. After all, a screwdriver and wire cutters can be just as damaging to a network as a remote command line and appropriate privileges. But that does not mean information security becomes physical security or vice versa.

      But there is still a rather wide gulf between the concepts and techniques used within information and physical security realms. To the uninitiated, they may seem to be very similar. They are not. I've seen infosec activities run by those who have a physical security background... and they end up focusing entirely on the wrong areas.

      Information security needs to be aware of physical security. And physical security needs to have an increasing knowledge of IT. But that does not mean one activity should be run by another.

      Just because the CISSP includes Law and Investigation, it does not mean infosec becomes a wing of the Legal department nor does infosec become a police force.

    9. Re:Bad idea by satch89450 · · Score: 2

      My understanding is that in most companies less than 4000 employees worldwide there isn't really any physical security, except perhaps a "Facilities Manager" and a load of useless "Security Guards".

      Perhaps you don't know your audience. Have you any clue how many SlashDot readers are "useless 'Security Guards'"? How many of us wear down shoe leather for pay that is lower than that earned by a burger flipper? Even the gun-toting ones typically earn $13-15/hour.

      Perhaps you are one of the people that make those "useless" security guards necessary. For example, how many times have you consumed alcohol to excess and bothered the other customers excessively? Have you extended the concept of piracy to include shop-lifting? How about your place of employment: ever thought that a piece of office equipment would look better in your house than at your workplace?

      Just to give you an example, the US Bankruptcy Court trustee determined that $15K/month for 24/7 guards on a property for asset protection during the process was money well-spent...and the Judge agrees. Of course, those "useless" security guards are protecting roughly $1.5 million in highly-resellable assets, plus another $1.8 million in structure cost, from theft, destruction, or vandalism.

      Did you know that in many states the protection jobs -- private investigator, polygraph operator, security guard, and security consultant -- are licensed and regulated? Check your state laws; in Nevada it's NRS 648. Who knows, you might be breaking the law and don't know it.

    10. Re:Bad idea by Col.+Panic · · Score: 1

      Just because the CISSP includes Law and Investigation, it does not mean infosec becomes a wing of the Legal department nor does infosec become a police force

      True - what it really means is to be a CISSP you have to have three (soon 4) years verifiable experience in one or more of those fields. To pass the test, you have to know "enough" about each of them. Then you can go practice in your area of specialty, but you should only accept jobs for which you are qualified. For example, someone coming from a physical security background should not apply for a job as a PIX admin just because he passed the CISSP.

  11. ISC^2 already defines this by phreakmonkey · · Score: 5, Informative
    ... as the article points out. To me, the bigger revelation to "geeks" here should be that information security is about a lot more than OS vulnerabilities and firewalls.

    The International Information Systems Security Certifications Consortium (ISC^2) defines ten domains of information security.

    Physical Security is one of them... a big one. So is network security, auditing, forensics, and liability, amongst other things.

    Anyone interested in the relations of risk management and physical/information security should aim their research towards ISC^2 related documentation.. in addition to being fairly comprehensive you will be better prepared when you become experienced enough to apply for your CISSP certification. ;-)

    (ISC^2 can be found here)

    -PM

    1. Re:ISC^2 already defines this by Anonymous Coward · · Score: 0

      Were the isc2.org the same people who tried to use the name "NCSA" early in the days of the web to promote micky mouse security? Their web page read like a its intended for phb so don't apply for a job with my company with their certification on youre resume.

    2. Re:ISC^2 already defines this by Anonymous Coward · · Score: 0

      Their web page read like a its intended for phb so don't apply for a job with my company with their certification on youre resume

      Uh - judging by your grammar and spelling I doubt you are the one doing the hiring.

      BTW, starting in Jan. '03, ISC2 will require four years experience in infosec *and* a 4 year degree. Who were you saying was underqualified again?

    3. Re:ISC^2 already defines this by _Sprocket_ · · Score: 2


      To me, the bigger revelation to "geeks" here should be that information security is about a lot more than OS vulnerabilities and firewalls.


      To anybody involved in information security, this is probably not a revelation. But just because this is an aspect of infosec, does not mean it naturally falls in to the physical security realm.

      To put another way... because infosec includes physical security, it does not mean a manager with physical security background is a good choice to lead an infosec activity.


      The International Information Systems Security Certifications Consortium (ISC^2) defines ten domains of information security.

      Physical Security is one of them... a big one. So is network security, auditing, forensics, and liability, amongst other things.


      One of these domains includes Law, Investigation, and ethics. And just like physical security, inclusion of legal considerations does not mean infosec should be run by your corporate Legal office.

      Infosec personnel should be aware of legal and physical security aspects that affect their environment. Certainly. And when they need experts in those areas, they should contact their physical security activity or legal.
    4. Re:ISC^2 already defines this by Anonymous Coward · · Score: 0

      Don't worry! With you taking that attitude about one of the most foremost certifications in the industry, I wouldn't want to work for your company. Where did you say you work again? ;-)

    5. Re:ISC^2 already defines this by phreakmonkey · · Score: 1
      To anybody involved in information security, this is probably not a revelation. But just because this is an aspect of infosec, does not mean it naturally falls in to the physical security realm.

      Ideally I wish the first sentence were true, but it's not. I've been working in information security for almost 10 years, and most of the "security experts" I meet know a lot about one particular operating system, possibly a lot about network vulnerabilities or firewalls, and never even consider the idea of risk valuation or exposure assessment.

      They tend to harp on and on about "but this is insecure" or "that will get you hacked" but can't even begin to describe the business justification for or against mitigating it.

      I think ISC^2 is doing the information security industry a great service by exposing people who claim to be "Information Security Professionals" to the whole picture.

      BTW - I totally agree with your points, just because you have to understand the structure of a building to put out a fire doesn't mean that you should use architects as firefighters either. :-) It's just nice to see the "big picture" finally getting some exposure to a largely immature industry.

      - PM

  12. Dear sir, by Anonymous Coward · · Score: 0

    I must inform you that you surf gay porn sites.

    -Gay Porn Site information services

  13. It's funny, laugh. by Powercntrl · · Score: 1

    After reading the headline, I pictured the guys from Armed and Dangerous sitting at a computer trying to figure out how to set up a firewall.

    --
    DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
  14. One and the same by SampleMinded · · Score: 2, Insightful

    When someone comes into your server farm with a gun and says "Let me access info I want or I'll blow your fucking heads off"! Then you will understand that security is security.

    Plus the best place to hack a network is from the inside. It's not a "mission impossible" to get yourself access to a computer at any major financial institution here in the states.

    Data is an asset that needs to be protected both in the physical world where it is stored and in the virtual world where it is accessed. The goal in each arena is the same, ignoring either is irresponsible. Thus the inevitability of these two departments combining.

    The ASP I was working for last year was very forward thinking on this and ran both network and physical security as a single entity. Unfortunately thinking ahead in security didn't translate to thinking ahead when creating a sustainable business model.

    1. Re:One and the same by archen · · Score: 1

      When someone comes into your server farm with a gun and says "Let me access info I want or I'll blow your fucking heads off"! Then you will understand that security is security.

      Bad guy: "Let me access all your info, or I'll blow your fucking heads off"

      Admin: Uh.. whatever. Root password is 'god'

      Admin #2: talk about shit security... I thought you were going to change that.

      Bad guy: Hey? Where's the start button?

      Admin: You did know this was a Linux farm right?

    2. Re:One and the same by _Sprocket_ · · Score: 2


      Data is an asset that needs to be protected both in the physical world where it is stored and in the virtual world where it is accessed. The goal in each arena is the same, ignoring either is irresponsible. Thus the inevitability of these two departments combining.


      Inevitability of physical and information security combining? Just because one involves the other does not mean they become the same activity.

      Infosec involves purchasing hardware, software, licenses, etc... does that mean Infosec and the Purchasing department should combine? Information security involves liability and privacy issues... do we combine Infosec with Legal? A compromised system can lead to a serious public relations issue... is Infosec now under the guise of the PR department?

      No.

      Each department has its own expertise and focus. Issues that one department focuses on can certainly affect other departments. And because of that... those departments should have the ability to coordinate and communicate... and draw on each other's strengths when they hit an issue that another specializes in. But they don't become the same activity.
  15. The first step to software security... by Psx29 · · Score: 2, Funny

    is getting rid of that operating system that is simply 'not built for security'...;P

    1. Re:The first step to software security... by Em+Emalb · · Score: 2

      Yes, tongue in cheek humor and all that is great.

      For those of us without that option, the first step is almost always physical.

      NO internet connectivity until latest/greatest patches are installed. (Downloaded once to trusted server, scanned, then installed)

      No physical access without badges.

      Cameras at major intersections within the building and outside.

      I work for a huge company, but in a smaller building. Everyone knows everyone else. The guards know us all by name. They come to us before letting ANYONE beyond the guest area.

      It works...so far so good. Time for the old Ben Franklin (I believe) quote of the week:

      Two can keep a secret if one is dead.

      Do I get my precioussss karmassss nowwssss?

      --
      Sent from your iPad.
  16. Bye bye geeks... by Duncan3 · · Score: 1

    Considering the geek pay is 5x+ of what a rent-a-cop pays, and there is NO WAY IN HELL you can get your geeks to lay off the junk food and caffeine long enough to get in shape to chase down the mouse on their own desks... guess which one is the one management wants to get rid of... Hint: it's not the one who can move from his chair unassisted and can go read Security for Dumbies.

    --
    - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
    1. Re:Bye bye geeks... by Anonymous Coward · · Score: 0

      Oh, please. Network Administrators are not necessarily the same as Network Security Administrators. Many of us in network security are current or ex-military or run our own companies and work out regularly (even fanatically). The learning curve for infosec is way high for high-school dropout rent-a-cops.

      We are paid 5x+ because we are worth it.

    2. Re:Bye bye geeks... by SuiteSisterMary · · Score: 2

      Just open up our Nerf guns, replace the innards with some real weaponry, and put it back where you found it. We'll defend our serverrooms just fine. :-)

      --
      Vintage computer games and RPG books available. Email me if you're interested.
  17. Yeah Right! by Anonymous Coward · · Score: 0

    Can't wait to see the network being locked down by $5/hr joes... and physical security being run by $150/hr security guards...

  18. so... by DarkHelmet · · Score: 3, Funny

    So, instead of Rent-a-cops, are we going to have lots of Rent-an-admin positions available?

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
  19. What a poor excuse for proper coordination by Anonymous Coward · · Score: 0
    ...There's no need to spend thousands of dollars to set up a smart card building access system if your IT group already has the wiring and bandwidth in place for another project.



    This is a BS excuse. If they kept the CIO in the loop, and the CIO was doing his/her job, they would have known about the wiring and bandwidth ahead of time.

  20. CSIS and other agencies have known for decades by kaladorn · · Score: 5, Insightful

    Contrary to the parent poster's rather foolish statements, physical security people who help assess (perform threat/risk assessments) and implement solutions in physical security can be quite sharp and quite technically savvy.

    For example, in evaluating a server room for the RCMP, I saw a physical security guy assess things like smoke detectors, fire extinguishers, construction of the ceiling, construction of the floor and walls, construction of the doorjamb and the locks used, etc. And he had to know his stuff as well as know the pertinent standards for good practice (and, in the case of government, the government standards for physical security). His prior job involved some assessments of some CSIS facilities (managing construction of same or something like that IIRC).

    It is a very different skillset, but it makes total sense to combine expertise in both into one entity if organizational security is a requirement (and when is it not?). Ideally, in such a group, people will be cross-trained and particular experts in network/computer and site/physical/emission security will be retained. In practice, some poor sysadmins may get stuck trying to ensure physical security as well - depends on who is implementing the rationalization.

    I recall reading a security text which devoted about twenty pages to encryption, network security, etc. and about 200 pages to other organizational security processes (including audits, risk assessments, emergency response plans, etc). If it costs me $100,000 to hack your network electronically or $5K to pay off a janitor, which do you think the bad guys will target?

    --
    -- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
    1. Re:CSIS and other agencies have known for decades by sshack · · Score: 2, Informative

      Which security text book was this? I've been looking for a decent one and haven't found it yet.

    2. Re:CSIS and other agencies have known for decades by rice_burners_suck · · Score: 1
      If it costs me $100,000 to hack your network electronically or $5K to pay off a janitor, which do you think the bad guys will target?

      I think they'll go with the $100,000 method, because it'll be more interesting and fun.

  21. Newsflash! by Dark+Lord+Seth · · Score: 2, Funny

    Recently, a revolutionary new technology has been discovered that has the ability to grant access to certain areas or items to a few people, but to keep the rest of the world at a safe distance of the often high-valued areas or items. This item will provide a great security tool for network administrators, considering it enables them to secure the server rooms from 1337 h4x0rzzz with a screwdriver. This amazing device, made usually from wood but in special cases where extra security is required, made out of steel or steel/metal alloys is called a "Door" and has been hailed by security experts around the world as the "entlösung" to most, if not all security problems, especially if this device is coupled with small pieces of metal/steel called "Keys", which can be used to lock the door using a complicated mechanical procedure.

    Scientists are now thoroughly investigating alternate ways of protecting one's servers or other private belongings. Several options include Glyphs of Warding, cummon the undead to protect a server and storage of servers inside highly radioactive or otherwise toxic environments.

    1. Re:Newsflash! by Maniakes · · Score: 1

      cummon the undead

      That's disgusting. Whatever room you do that in is secure from me, at least.

      --
      A legparnasom tele van angolnaval.
    2. Re:Newsflash! by satch89450 · · Score: 2

      ...especially if this device is coupled with small pieces of metal/steel called "Keys", which can be used to lock the door using a complicated mechanical procedure.

      Do you have any clue why companies have gone to electronic lock systems? Let's see:

      1. Keys can be duplicated, rather easily. Buying the appropriate blanks is relatively simple for those really wanting them, and you can purchase the appropriate files in any Home Depot, Ace Hardware, or equivalent.
      2. There is no access audit. You don't know who, and when, a person went through a particular door.
      3. People lose keys. In a mastering system, the loss of a mid-level key can cost thousands of dollars to re-key. (Of course, that limitation keeps my locksmith neighbor busy, busy, busy!)
      4. If a supervisor neglects to get all the keys a terminated employee has, that counts as a lost key, at high risk if the employee was fired and s/he doesn't take it well.

      The complex mechanical device associated with the Key is called a Lock, and the design of most locks enables it to be defeated by turning a handy control which puts it in a failure-null state; even without the control, the Lock can be defeated with Duct Tape or other readily-available blocking device.

      Of course, there is a defeat for the Door as well: the Door Stop. How many times have I approached a secure area only to find that some lazy person has employed a Door Stop to completely defeat the security provided by the Door?

  22. no good can come of this... by bilbobuggins · · Score: 3, Funny
    Kid on playground #1: Kerplow* *Kerplow* [with finger]

    Kid on playground #2: Aaaghghgkk!

    Kid on playground #1: ha-HA! Your box rootin' days are over Bad Hax0r Bill!

    Kid on playground #2: Gosh darn it Tommy! Why do I always have to be the intruder every time we play 'sys-admin'?

    Kid on playground #1: quit whining Robby, when we're at your house you can be the network admin

    Kid on playground #2: Fine, but at least pretend you're an MSCE this time so I can win one game

    Kid on playground #2: Pfft. Alright, but next time we play 'content pirate' you have to be Valenti. I'm sick of peeing my pants so I don't miss the commercials.

  23. But by Anonymous Coward · · Score: 0

    It's mainly to eliminate jobs. There's nothing management likes better than saying "I'm sorry... but we've had a restructuring of the strategic paradigm partnerships..." (in as patronizing a tone as possible) because it means fat bonuses when the stock jumps.

    W-4 employment is a farce. It is the ultimate bait and switch flim-flam shell game with the employee always in the betting circle, their house, family and career up for grabs.

    Don't believe the hype.

  24. Yeah..... Right.... by Anonymous Coward · · Score: 0

    I would believe it if the security guards at the door know how to do packet analysis and start to catch some script kiddies instead of drinking coffee and snoozing all day long.

  25. Good for them by foonf · · Score: 1, Flamebait

    in an effort to eliminate redundant jobs

    We definately need to eliminate more redundant jobs. After all, you always hear people complaining these days about having jobs, what with them being redundant, and how much simpler things would be if they were fired. This is definately a step in the right direction.

    --

    "(Man) tries to live his own life as if he were telling a story. But you have to choose: live or tell." --Sartre
    1. Re:Good for them by Anonymous Coward · · Score: 0

      Learn. To. Fucking. SPELL.

      It's D-E-F-I-N-I-T-E-L-Y.

      But you've touched a nerve as to why capitalism can't work in a technological society... Keep thinking in the same direction.

    2. Re:Good for them by Anonymous Coward · · Score: 0

      I take it the schools in Communist China emphasize proper English spelling at the expense of individual initiative and religious faith?

  26. Obvious, but the implementation is the key by Sitnaltax · · Score: 1

    The need for physical security is obvious. What's not so obvious is that the same people should be in charge of both electronic and physical security, since these seem like very different realms. It seems fairly clear to me that the bottom-line security people shouldn't have both jobs. However, I'm still pondering whether the management could or should be combined since, as the article points out, both jobs are aspects of the same ideal: a secure company.

  27. open ports by sohp · · Score: 3, Insightful

    On a serious note, consider the locations of all the hot network jacks at your employer. Are any of them in public locations that are empty at times, say conference rooms in common areas? How easy would it be for someone to go in, plug in a laptop, and start up a packet sniffer? There are aspects of your network that need physical consideration other than the server room.
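
    One way to act on that check from the defender's side, as an added example that is not part of the original post or thread: assuming a switch MAC table exported in the style of `show mac address-table`, a patch-panel record of which room each switch port serves, and an asset inventory of known MAC addresses (all three constructed here; the port names, MACs and room names are made up), the script flags devices that are not in the inventory, rates those on jacks in shared areas highest, and lists shared-area jacks with nothing attached so they can be shut down until someone actually needs them.

```python
"""Find unknown devices on live network jacks, with extra weight on jacks in
shared areas (conference rooms, lobbies).

Added example, not from the original thread.  It assumes three inputs, all
constructed here: a switch MAC table in the style of `show mac address-table`,
a patch-panel map from switch port to room, and an asset inventory of known
MAC addresses.  The port names, MACs and rooms are made up.
"""
import re
from dataclasses import dataclass

# Constructed sample of a switch MAC table (vlan, mac, type, port).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  20    00aa.bbcc.dd01    DYNAMIC     Gi1/0/7
  20    00aa.bbcc.dd02    DYNAMIC     Gi1/0/8
"""

# Constructed patch-panel records: port -> (room, room is a shared area).
PORT_LOCATIONS = {
    "Gi1/0/1": ("office-101", False),
    "Gi1/0/2": ("office-102", False),
    "Gi1/0/7": ("conference-A", True),
    "Gi1/0/8": ("lobby", True),
    "Gi1/0/9": ("conference-B", True),   # patched through, currently idle
}

# Constructed asset inventory: MAC -> description.  Anything absent is unknown.
INVENTORY = {
    "0011.2233.4455": "desktop, office 101",
    "0011.2233.4466": "desktop, office 102",
    "00aa.bbcc.dd01": "VoIP phone, conference A",
}

# One MAC table row: vlan, dotted-hex MAC, entry type, port name.
MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\w+\s+(\S+)\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class MacEntry:
    vlan: int
    mac: str
    port: str


def parse_mac_table(text):
    """Parse MAC table rows; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            entries.append(MacEntry(int(m.group(1)), m.group(2).lower(), m.group(3)))
    return entries


def find_unknown_devices(entries, inventory, locations):
    """Return one finding per MAC that is not in the inventory.

    A device on a jack in a shared area (or on a port with no patch-panel
    record at all) is rated 'high'; an unknown device in a private office
    is 'medium'.
    """
    findings = []
    for e in entries:
        if e.mac in inventory:
            continue
        room, shared = locations.get(e.port, ("unmapped", True))
        findings.append({
            "port": e.port, "vlan": e.vlan, "mac": e.mac, "room": room,
            "severity": "high" if shared else "medium",
        })
    return findings


def idle_shared_ports(entries, locations):
    """Shared-area jacks with no device attached: candidates for shutdown."""
    active = {e.port for e in entries}
    return sorted(p for p, (_, shared) in locations.items()
                  if shared and p not in active)


if __name__ == "__main__":
    table = parse_mac_table(MAC_TABLE)
    for f in find_unknown_devices(table, INVENTORY, PORT_LOCATIONS):
        print(f"[{f['severity']}] unknown {f['mac']} on {f['port']} ({f['room']})")
    for p in idle_shared_ports(table, PORT_LOCATIONS):
        print(f"[info] idle shared-area jack {p}: consider shutting the port")
```

    Run against the constructed data it reports the one unknown MAC sitting on the lobby jack as high severity and lists the idle conference-B jack. MAC addresses are trivially spoofable, so this is a hygiene check on the inventory and on which jacks are live, not a substitute for port-based authentication (802.1X) on the switch.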

    1. Re:open ports by Anonymous Coward · · Score: 0

      Physical security considerations go way beyond that. In high security environments you have to consider electromagnetic emanations as well - ever heard of a faraday cage?

    2. Re:open ports by Anonymous Coward · · Score: 0

      no

    3. Re:open ports by majestynine · · Score: 1

      Remember to keep an eye out for any rogue Dreamcasts you happen to find lying around the workplace...

  28. Figuring out. by Mr_Icon · · Score: 3, Funny
    Now the most difficult part is figuring out how to convey "w3 0wn j00r a55, fUx0R!" over the dubious medium that is the megaphone.

    --
    If you open yourself to the foo, You and foo become one.
  29. Banks do this by zaffir · · Score: 2, Informative

    A friend of mine works in a dedicated IT building for one of the larger banks in the US (can't think of the name right now, but i know it's located in Ferndale, south west of Detroit, MI). He took me around the place, and showed me all the security stuff they had set up. You need a card, finger print, and key-code to even get into the building (yes, the janitor's entrance is like this too). You need those to get into the elevator, and to go into any of the areas with actual machines. I was only allowed to see their huge terabyte server cluster through very dark tinted glass: nobody but the head IT people are allowed in there.

    I guess that if someone decided to walk into the place with guns a blazing he could, but that's not exactly the most subtle way to steal credit card and bank account information.

    --
    "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
    1. Re:Banks do this by Cyno01 · · Score: 2

      It's still not entirely secure; if someone swiped a keycard and got the codes they could then defeat the fingerprint scanner with a gummi bear.

      --
      "Sic Semper Tyrannosaurus Rex."
    2. Re:Banks do this by feronti · · Score: 1

      That would most likely have been Comerica... it's the biggest bank around here... and I do think I remember seeing a rather large Comerica office last time I was in Ferndale (it's hard to remember... I only go there for the bars:)

    3. Re:Banks do this by x-empt · · Score: 2

      "I guess that if someone decided to walk into the place with guns a blazing he could, but that's not exactly the most subtle way to steal credit card and bank account information. "

      Why do people think the target is always credit card information and/or bank account info? There is so much more you can do with information and control than just stealing a pitiful few thousand dollars on credit cards...

      --
      Ever need an online dictionary?
    4. Re:Banks do this by estes_grover · · Score: 1

      The physical security at the big iron centers is probably pretty good at most large banks. I work for a large bank - but not for the big iron shop. As a DBA, I don't have card key access to our server room (and that's okay) - but the janitors do. Go figure.

    5. Re:Banks do this by Anonymous Coward · · Score: 0

      I think the info in your account has everything they could ever want. Soc. Sec. number, names of family members, address, phone number, everything.

  30. Physical access doesn't always help by jc42 · · Score: 3, Interesting

    > ... as the old adage goes, an attacker with physical access already has you owned.

    Oh, I dunno about that. We've already seen a number of reports about people who got their laptop back after a theft, apparently because it was running linux or *BSD. The thieves couldn't get past the login screen, so they trashed it or left it lying somewhere, and whoever found it called the phone number on the sticker.

    Granted, this might not stop your expert unix hacker. But most laptop thefts are by petty thieves who are pretty much computer illiterate, as are the guys who fence them. With Windows or Macs, they can turn it on, try a few things to verify that it runs ok, and it's in the pipeline. With a unix-like system, they can't get in, they conclude that it's unusable, and they toss it.

    Your typical laptop thief only gets a hundred bucks or so for the machine. It's not worth a great deal of effort to break through security to verify that you're not buying a fancy-looking brick. So login+password is plenty secure for the typical theft.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    1. Re:Physical access doesn't always help by Anonymous Coward · · Score: 0

      (insert witty comment about how this proves that Linux is great for keeping out unwanted characters)

    2. Re:Physical access doesn't always help by stubear · · Score: 3, Insightful

      Oh, give me a fucking break. Do you have numbers or statistics to prove this? Of course you don't, you're just karma whoring by trying to make Linux look more secure. Well, let me clue you into something buddy, Linux survives a complete hard drive wipe as well as Windows or Mac. They couldn't care less what data is on the machine.

      If the thief DOES care what is on the machine I truly believe they will either know how to hack into it or they will have someone they trust do it for them. The target will be specifically picked out (random dumb luck isn't a good way to run an operation like this) and a plan will be in place down to what to do with the data once they have it.

    3. Re:Physical access doesn't always help by zerocool^ · · Score: 2

      or if they steal to obtain data, there's always the CD Boot into single user mode.

      --
      sig?
  31. obvious? i'm not so sure by Purificator · · Score: 1

    so, yes, even half-witted sysadmins know it's important to keep their stuff physically secure.

    i also know it's important to have legal help should someone break in to the system, or just plain decide to sue the company. however, as a sysadmin, i'm not expected to take the lead in any lawsuits. when we're talking about physical and network security, we're talking about two different skillsets.

    i can see the value of putting them in the same group, under some greater auspices of "Security," but if you're talking about making *one person* do both i just don't know. i can't say i'd want any of the sysadmins *i* know responsible for handling intruders. even things like evaluating badge systems and alarm systems are outside a sysadmin's real skillset. sure, i could pick an alarm system. so could the receptionist. we'd probably do about the same job picking one, too.

    --
    "Mister Potato-head --MISTER POTATO-HEAD! Backdoors are not secrets!" (War Games, 1983)
  32. Drop the floppy or I'll shoot by ch-chuck · · Score: 2

    Physical access isn't necessarily owned - with proper encryption and the passphrase nowhere but in my neurons they can still be locked out, but for a small bribe I could be convinced to reveal the secret to the executives' outrageous incomes and my lousy salary.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
    1. Re:Drop the floppy or I'll shoot by Anonymous Coward · · Score: 0
      give this a try.

      still think you are secure?

  33. the end all and be all security folk? by Anonymous Coward · · Score: 1, Interesting
    somehow I doubt that there will ever be a day when physical security and network security are one. Sure there may be some that can do both very well, and those will usually be veterans with decades of experience under their belt. There will of course be eclectic mixtures of both... however you will not be able to field both easily or affordably. This does not mean that any network security from a macro level is not to be the core of knowledge for any security individual... this is just like security guards at places with high tech security systems now. The guards must know many things about the electronic surveillance, countermeasure, digital access, keying, etc to do their job. If we add another layer like actual network security, then it should be abstracted and ORGANIZED enough so that the guards do not have to grep and cat their way through files and systems just to check what the status is or even fix problems.

    It is that issue there that will present the problem, and also the very thing that many 1337 do0dz will never understand.

    That being said, I am glad that the ideas are merging... mainly because I think that it will clue many developers in for the need to provide consistent, standard, and robust interfaces instead of 'hacked for this and only this feature/platform/language/etc'. I personally have crappy front end skill, but I understand its very vital nature. For every 1337 do0d that thinks it is not good to 'dumb down' anything, then they obviously do not understand that abstraction does not change or prevent any low level interfacing, but merely provides the means for working with other systems like GUIs. Of course it also means they are wannabe losers who if they rubbed two neurons together would realize how stupid that kind of thinking is. They should be real programmers and throw away the keyboard, monitor, mouse... and go with a bank of binary dials for any computing. Retards... talk to me later after you have grown some pubes.... oh! look at me, I can code! Yay for you... I can drop most adults in a fight, you won't see my ass taking on Saddam by myself however. Idiots.

  34. More than physical and logical... by Anonymous Coward · · Score: 0

    It's more than just physical and logical security. There is also psychological security, if you will. All the physical and logical security in the world won't protect you from social engineering.

    (Oh, and don't forget to email your username/password/IP to me. Thanks.)

  35. More than physical and logical... by spoonist · · Score: 2, Informative

    It's more than just physical and logical security. There is also psychological security, if you will. All the physical and logical security in the world won't protect you from social engineering.

    (Oh, and don't forget to email your username/password/IP to me. Thanks.)

  36. rent-a-cops? by Jafafa+Hots · · Score: 1

    Most places I know of use illiterate rejects without high-school diplomas for PHYSICAL security, so they can pay them minimum wage. Are they going to go to the expense of paying network security experts to watch the door 12 hours, or are they going to take the risk of entrusting the network to former McDonald's employees?

    --
    This space available.
    1. Re:rent-a-cops? by sn00ker · · Score: 1
      or are they going to take the risk of entrusting the network to former McDonald's employees?
      Hey, as a high school dropout who used to work at McDonald's, I resent the implications of your post.
      I'm a network engineer/unix-alike sys admin by profession. That I didn't finish high school and was employed by McDonald's doesn't diminish my intellectual or technical capabilities.

      --
      "God, root, what is difference?" - Pitr, userfriendly
  37. Security in various forms... by Vrallis · · Score: 3, Interesting

    I doubt this is too likely to happen much. Security departments have a lot more to deal with than just securing locations from access. Our own computer department does, in fact, handle some of this (for our own areas, at least)--security keypads and our own alarm system.

    I work for a large auto parts distributor, and our security department doesn't even deal much with access security. They deal with investigations for sticky-fingered employees for the most part. They also deal with the more complicated theft rings, which usually involve state authorities due to dirty city cops being involved.

    This is WAY outside sysadmin territory, and I don't see them merging anytime soon.

  38. Sterotyping by setzman · · Score: 1

    Who says all of us are fat, pimply-faced slobs? I'm in the military and I've seen quite a few others in here that are computer geeks, so obviously we have to be in shape you know.

    --
    C:\>
    1. Re:Sterotyping by Anonymous Coward · · Score: 0

      Are you shining boots, Pyle?

    2. Re:Sterotyping by Anonymous Coward · · Score: 0

      You see, you are a "lesser geek". Lacking the true skills that make the "greater geek", you are free to do physically intense things in your life. We, however, cannot.

  39. Advice? by Anonymous Coward · · Score: 0

    Hi all. I'm in a youth hostel in Dublin, it's 3am and all my friends have gone to bed because they're boring fuckers. Well, their loss. They missed a pretty neat band called "Stranger by Day".

    Anyone got any ideas what I can do for the rest of the night? I'm bored and i feel a bit of a lamer reading Slashdot as the remedy.

    Thanks muchly,

    Geordie

    1. Re:Advice? by Anonymous Coward · · Score: 0

      You could steal their wallets and get a hooker. Or you could just jerk off on their faces while they sleep.

      Roblimo

    2. Re:Advice? by Anonymous Coward · · Score: 0

      Jerk off in your friends faces while they sleep.

  40. n/s by U+R+TEH+SUX · · Score: 0

    n/m

  41. My problem with this... by tlambert · · Score: 3, Insightful

    My problem with this is that physical security is not a sinecure for technological problems.

    If this were *merely* to eliminate redundant management structures, it might be agreeable. But probably wouldn't be.

    As a former IBM employee, I've had to deal with the management of firewalls by a separate security organization; the result was a minimum of six weeks to get a TCP port other than 80 opened, if it's permitted at all.

    XML was invented by IBM employees as a means of routing around these people by tunneling operations on port 80, which these people would permit by virtue of it being port 80, without concern for the content of the traffic over that port.

    Given encryption on storage media, both active and backup, and multiple site replication, physical security is more and more meaningless for information technology.

    IMO, eventually corporate networks will not exist at all, *except* as VPNs.

    At that point, "physical security" means sending armed guards out on business trips with every schmuck with a laptop, and posting them outside the homes and telecommuting centers of every remote worker.

    Frankly, a merger in this area feels more like the physical security people trying to defend against their increasing irrelevance, in the same way that RIAA and MPAA are attempting to defend their increasing irrelevance.

    -- Terry

  42. This is news? by Anonymous Coward · · Score: 0

    Jeez. There's already plenty of places catering to this market...

    Havenco (sealand)
    ServerVault
    Underground Secure Data Center Operations
    as well as several others....

  43. $pe11ing by Anonymous Coward · · Score: 0
    an attacker with physical access already has you owned.

    Sorry, the correct spelling on /. is 0wnzed. 'Cause it's still clever and original after all this time.

    That was sarcasm. Actually, thank you for your restraint.

  44. The truth is... by PerryMason · · Score: 1

    Very simply, there are 2 main types of hack. One is untargeted (ie scan a netblock and see what happens) and the other targeted (hacking a specific target). Now type 1 is by far the most common, and paying a heap for physical network security is pointless as the hacker is just looking for an open port/service. On the other hand, the concerted hacker is doing it to get at you. If you increase physical network security, they will just look for another way in.

    The first principle behind hacking something is to attack the weakest point. In most cases the human factor is the weakest point. Social engineer a password out of a luser and you're on your way. In other cases it might be physical security. By increasing physical security of your network, you just push it further down the list of ways to get in.

    The truth is that a truly concerted, determined (and skilled) hacker will get into pretty much any system they want.

    --
    "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
  45. Encrypted filesystems by Anonymous Coward · · Score: 0

    Very few people in the software world understand that physical security is part of the overall security picture. Why is it still almost impossible to find an open source OS with a production-quality stable encrypted FS? No, loopback hacks don't count. Why doesn't Linux ship with an encrypted FS? With an encrypted FS, if someone does manage to steal your server or laptop, the data are still safe (assuming the machine loses power during the theft).

  46. Not only that, but by einhverfr · · Score: 3, Insightful

    It is a very different skillset, but it makes total sense to combine expertise in both into one entity if organizational security is a requirement (and when is it not?). Ideally, in such a group, people will be cross-trained and particular experts in network/computer and site/physical/emission security will be retained. In practice, some poor sysadmins may get stuck trying to ensure physical security as well - depends on who is implementing the rationalization.

    Different skill sets, but the approaches are analogous (perimeters, critical resources, etc.)

    Personally I think that it would be a great idea if people had at least some contact and cross-training.

    One caveat though-- This should not be about eliminating redundant jobs. Sure this means that you can operate more securely, but it really means you can buy better security for the same cost.

    --

    LedgerSMB: Open source Accounting/ERP
  47. Funny story about security guys not getting IT by colenski · · Score: 1

    When we built the new building my company moved to, I did all the wiring / network design and had to liaise with a security-type on how we were going to secure the building. I was pushing for a KISS principle of key trust (physical key not PGP key) exactly the same way that a retail store works; you have a manager who has the key to the joint and certain "keyholders" who are trusted. They lock and unlock the doors. Simple, elegant, and hard to beat. The consultant said "that's no good, you need a cardswipe system with maglocks on the doors" and he presented a spec that management loved, since it had all those gee-whiz card sensors that went BLING! when you swiped your card. I looked at the spec during a meeting and said to the consultant: "These maglocks, they close (lock) when they are energized (have power applied to them), right?" him: "Yep" me: "So what happens when the power goes out?" him: "Errr...I'll get back to you" he gets back to me and assures me that there is room in the budget for a UPS that will keep the doors up for a long time. So we get the system, and one day (long weekend), the power goes out. No prob, my racks have APC RM UPS'es and everything gets shut down gracefully. I get warning bleeps on my SMS cell that power's out, I go, "So what, it's the weekend" and ignore it. 8 hours later the company president calls me up, says "WTF? Door's unlocked, anyone can walk in and take the 17" TFT on the receptionist's desk!" Me: "WTF?" Haul ass down there, take a look, pop my head in the ceiling to take a look at the door UPS.

    I *can't* believe it! The security guy specs out an APC Back 250 UPS like you get at Costco for $80. The frickin door probably only stayed locked for, like, a half hour. The security guy thought it would stay locked for days!

    I inserted my key into the deadbolt on the door (which I insisted on) and firmly closed the lock. The APC was replaced with a 1500 the next day.

    1. Re:Funny story about security guys not getting IT by Anonymous Coward · · Score: 0

      any self respecting physical security expert would have insisted on fail secure not fail safe maglocks on the external doors and fail safe on the inside. With override on the fail secure on the INSIDE in case someone got trapped.

      Muppets

  48. The 3 BIG Securities protecting your network by Siergen · · Score: 2, Informative

    1. Physical Security, so that only authorized people get direct access to your hardware, including terminals, ports, routers, etc.

    2. Personnel Security, so that you reduce the chances that you've given authorization to an untrustworthy person.

    3. Computer/Network Security, to reduce the chances that unauthorized people get into your network from outside your facility, and to control the access that authorized users have to your systems.

    All 3 are needed. If one person isn't doing all 3 security jobs, then the different security people should be working together so that they don't accidentally work at cross-purposes.

    For example, one of the buildings on our site had been vacant for several months, so to save money physical security dropped the alarm monitoring and guard patrols when the contract was renewed. Two months later IT set up a new server farm in it, and didn't tell the physical security folks. One month after that, the servers went down and "walked away" over a three day weekend...

  49. As a Canadian.. I am sorry... by RebelTycoon · · Score: 0, Offtopic

    Hopefully this stupid survey conducted by Ipsos-Reid will not cast doubt on the importance I see of a strong and supportive partnership with our brothers to the south.

    Quoting, Seven in ten (69%) Canadians think that the United States, because of its policies and actions in the Middle East and other parts of the world, bear some of the responsibility for the terrorist attacks on them, while 15% indicate that they believe that the U.S. bears all of the responsibility.

    The question is overly broad and thus meaningless; additionally the timing is both inconsiderate and just a cheap way of creating news by bashing Americans. Supporting a sovereign nation (Israel) in its struggle for acceptance and a right to exist, and deploying military forces in Saudi Arabia when asked, does not constitute a justification for the cowardly act of September 11th.

    For more information, here is an article, but more importantly, I think we should all tell Ipsos-Reid what we think of their "make news bullshit by bashing Americans" at ...

    John Wright
    Senior Vice-President
    Ipsos-Reid Public Affairs
    (416) 324-2900

    To my American brothers, I am sorry for this type of survey, see to it that Ipsos-Reid doesn't do it again... Take the time, even if it is just a two-word email!

  50. Faraday Cage?WTBAMF!!!? by Anonymous Coward · · Score: 0

    " Physical security considerations go way beyond that. In high security environments you have to consider electromagnetic emanations as well - ever heard of a faraday cage?"

    I've heard of lead

    1. Re:Faraday Cage?WTBAMF!!!? by lommer · · Score: 1

      A Faraday cage is:
      a) more effective than lead
      b) safer than lead (you don't have to worry about lead getting into the work environment, then lead poisoning, etc...)

  51. I have been managing both for years. by thealpha · · Score: 1, Insightful

    I don't think there will be a great loss of jobs, nor will guns be given to admins. More likely the management of both functions will be incorporated. I have consulted and managed security projects for my company and many clients. The one item you usually have to work on with them is that the physical security is as important as the data security.
    Once you cross this hurdle a good well-rounded security expert can approach a building, office or room and address everything from the points of entry to the servers.
    An example: when approaching a server room I look at the entry mechanism on the door, the hinges and jamb. I look at the walls for material, thickness and accessibility. Is the ceiling accessible? Once inside I look at the physical access to the hardware, the fire prevention equipment, etc. Then we move on to the data security. I have hired people that are experts in each field and they train each other.
    In the end you end up with a much more secure environment and the same workforce minus maybe one manager.

    I think this was inevitable.

  52. Old adage? by LS · · Score: 2

    "an attacker with physical access already has you owned"

    I usually feel a superiority complex when it comes to the "humor" and "wit" that normally accompany the average slashdot text, but this one has me stumped... Is this really an old adage? Or is it some semi-subtle joke, using the relatively new term "owned" and calling a phrase with its usage an "old adage"?

    --
    There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
  53. Six in one by HappyPhunBall · · Score: 1

    Half a dozen in the other. Security in my mind is about protecting information assets, be they physical, electronic, or human. It all comes down to defining policy and implementing reasonable measures to enforce your policies. Some times the solution is physical, sometimes it is social, and sometimes it is 1s and 0s.

    At some high level, all of those elements should be combined into a single responsible entity. Whether the person in charge comes from a physical world or a data world does not matter, provided they have a talent pool from both worlds capable of enforcing their policy. I do not think the article intended to imply that we would see admins being asked to take a bullet (good luck!) or security guards expected to respond to the next Bind exploit (once again, good luck!).

    If however, on the off-chance my company wished to provide me with say, oh I don't know maybe a chain gun or a redeemer, I would be more than willing to sit in a tower and secure the physical perimeter for them.

  54. Re:Bad use of Acronyms by Discoteck · · Score: 1

    CISSP = Certified Information Systems Security Professional

    CBK = Common Body of Knowledge

    (ISC)^2 = International Information Systems Security Certification Consortium

    ----

    How expensive is this CISSP anyways? If you are a professional in the field, is this certification really going to get you a raise? I guess if the company is paying than who cares, free books and paid time away from work. Work the system !

    --
    /.................../ \\ /...................../
  55. Combined security management not such a new thing by Anonymous Coward · · Score: 0

    I'm not convinced that the merging of different aspects of security under the same management is a particularly recent phenomenon, let alone one of the last 2 years, driven by post-9/11 concerns. What may well be happening, especially in the US, is that the realisation that this is necessary is spreading out to more of the medium sized businesses where the concept is something of a novelty, so it gets talked about more and picked up on by media reporters.

    My impression, both from my own experience and from what I've heard from colleagues over the years, is that in large organisations where security and confidentiality are central competences (eg military intelligence or banking) treating security issues holistically has been taken for granted for years, so there's been little discussion of it in public. Of course, another reason for this silence is that these sorts of organisations tend to strongly discourage public discussions about their security structure.... which is why I'm not saying any more now.

  56. Sector 3 now secure... by Anonymous Coward · · Score: 0

    ...just gotta watch out for that shoe-bomber packet driver

  57. Re:Bad use of Acronyms by Col.+Panic · · Score: 1

    $400 for the test. Boot camp training ranges from $3,000-$4,000 from what I have seen. I got a package deal of a CISSP boot camp and an Applied Hacking boot camp, so they were $3,250 each. A friend at the CISSP boot camp said ISC2 does their own training course for $3,000.

    Cisco's CSO said CISSP is worth $10,000 more per year (I don't think he meant that in a good way). Of course I'm sure he has a higher opinion of Cisco's own security certifications ;)

    One guy I went to boot camp with applied for the same job he had not gotten before the test, but he got the job after the test. (He wore the lapel pin to the interview). That should be some indication of what the cert is worth.

  58. i know someone's said it... by painehope · · Score: 1
    but does this mean I can finally bring a gun to work?

    how about throwing MCSEs off the property? or hitting the new admin w/ a taser when he gives a user root so they can install software on their machine?

    ( gleefully rubbing hands together while entertaining thoughts )
    --
    PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
  59. Waste of time? by danalien · · Score: 1

    My experience tells me that a logical solution (keep crackers away, etc. etc.) has another counter-logical solution against it (a way to reverse it; to put it in plain text: crack it). Why? Because otherwise it wouldn't be "a logical solution" in the first place.

    89 1 55 1 34 2 21 3 13 4 8 5
    which number shouldn't be there? (that's right, these numbers are the result of some logic, except one... which, I ask : ))

    (PS! Just because a logical solution may be "simple" doesn't mean the counter-logical solution should/would be the same.)

    (PS nr2!! The point I want to make?? (If you haven't figured it out.) Well then, you have something to make sense of then : ))

    --
    I don't claim I know more than I know, and if you know you know more than I know, then by all means, let me know.
  60. An inane idea by libertarian · · Score: 1

    Hmm... boycotting a location where the general population is armed and can defend itself. "How uncivilized".

    --"I'll just be over here with the machete wielding savages, sir!"

  61. God, what an awful idea by Shoten · · Score: 2

    Physical security isn't just locks, although the realm of access-control alone is enough for an entire job when it comes to background knowledge. The notion that there is redundancy between physical and computer security specialists is insane. I've worked with a few physical security specialists, and I was utterly in awe of the various things they had to know. There are almost no overlaps, very few synergies, and frankly, I don't really care to know what the latest and greatest in door strikes and CCTV lenses are, so if I were asked to do double-duty, I'd be heading for the door before you could say "emergency exit."

    --

    For your security, this post has been encrypted with ROT-13, twice.
  62. Re:Bad use of Acronyms by Discoteck · · Score: 1

    I wonder if you can buy CISSP pins on ebay? :D

    I bet it's a lot cheaper than the class. Maybe I could borrow yours for $50. Hahaha. Then I would have to make up a story about the missing diploma.

    Maybe when I start making headway on my B.S. loans I can think about more schooling. A year ago, I was thinking about a M$ cert in programming or database design, now I can't decide. One in network security might be helpful for the company I am interested in starting.

    --
    /.................../ \\ /...................../