I am officially a cissp!

What is next?? I read some threads describing your difficulties. It's a good story of overcoming hurdles. It is harder to overcome who you are....rather than just effort. I am going to need to see if they will accommodate my disability. I can not sit for a long time. And giving me breaks and more time is not going make test easier...it's long enough and risk over thinking it..

Congrats again...!!

kalkan999

Hi Jacob. Thank you for the Kudos. Yes, it is an unfortunate thing to have a disability and be expected to take and pass any standardized test, much less the CISSP.
What is next for me? Well, I have a job for the moment, but i am considered officially 'overqualified' by those who hired me, so they don't expect me to stay on very long. I think that I am self-promoting enough to try my hand at consulting, because I believe I have positioned myself well enough in the industry and gained enough knowledge and experience to provide a worth-while service.
I worked too hard to get where I am to be exploited as a Defense Contractor. I did not take this test because the DoD required it. I could have remained an OK paid Security technician, but making any changes in DoD outside of patching systems is too problematic, too time-consuming, too expensive, and too politically motivated. Nothing worse than a Major trying to become a Lieutenant Col, or Lt Col gunning for Col, or a GS-12...UGH. They know that in order to get promoted, they must try to keep their bottom line in the black. For those of us 'in the know,' that means Risk Avoidance, as in fingers in their ears, as in 'lalalalalalala I'm not listening, la la la la la la lah.' It matters not that we are smart enough to use these formulas to show them that in some circumstances, doing nothing is less expensive than fixing it, while in others they MUST comply lest they find themselves legally and financially liable.
AS a result, I am now a 'Realist' when it comes to Information Security. It does not matter in the slightest to the number-crunchers that we show them the financial advantages of safeguards (pro-active) versus countermeasures (reactive) can save them up to 9 times their money in the long run. SO, I think I am going to take advantage of that fact and make lots of money.
I don't see myself as a mercenary, taking advantage of those who had little knowledge of such new enemies or their APT techniques. Times have changed much in the last 5 years. Small and medium-sized businesses will not prevail over the onslaught of APT's, or the new Al Qaeda threat (watch their translated 'how-to video'), unless there are people like us who choose to help them. Larger companies have the means to properly back up,restore, have alternate sites, and are quickly installing enclaves which work well. I am perfectly willing to help those with smaller netowrk 'footprints' who find themselves in vulnerable situations. LAW FIRMS are notoriously inefficient at securing their systems, which is quite ironic considering they are often the same ones on the front lines of suing people or companies for copywright or trademark infringement, or sue on behalf of those whose information is taken from other businesses who did not properly secure their systems and business or personal information is stolen.

Jacob18

Yes, I am really not looking forward to taking that test. It is going to hurt literally.
The DOD is an excellent place to gain knowledge and experience though. Good luck and success with the consulting gig. Contacts, contacts.
I would suggest not leaping until you have customers, business plan, etc. in place.

I have had a thought for years. You are welcome to take it and use it if you want.
Small businesses are targets, and can't afford their own pen tester, response teams,etc.

You could pool say 20 businesses. Use a team to support all of them for a lower price. Pool resources, lower costs, and so on. You are going to have to work the numbers. For a set budgetary price, we will offer.....I think it could work, pun intended. Essentially, you are costing as if it were ONE big company.
The trick will be convincing them of the ROI. Just an idea for you. I would rather be or work for a small business. I really don't want to
work for a large entity and just be a cog in the wheel at this point in my life. I enjoy going where my OCD takes me and being able to do new things, if they can make the business and me money. Small companies are more nimble, and responsive to needs of the market..

Again, Good luck and much success!!!

J

Jacob18

@kal,
I thought about your post a little. Yes, politics, advancement play into it. I have had to go toe to toe so to speak. But coming from a military background and understanding the culture I sometimes can add a little emphasis and gravitas...

sometimes just saying "you are the captain and what happens to the captain when the ship goes down? Promotion and evals go down with a nice swirl...You don't want to be the one blowing pressurized sanitary tanks on yourself when you pull the lever..." does the trick. And knowing you are right.

But asses are asses....and they exist everywhere. I hope eternally that they eventually get moved out of the way or retired. Don't let them get to you. The good ones are good friends to have though..