+1 to CISSP, I had essentially the same experience as the OP, and decided that IS manager tedious. I went and wrote my CISSP, got 'lucky' a couple of times with breach issues and poof, 5 yrs later I'm a Sr Infosec Manager.

While it doesn't have a practical component, I've met very few people who honestly say they left the exam knowing if they passed or failed. Most nerve wracking test I've ever sat for anyways. And most of infosec (absent specialties such as pentest, and even then arguably) is 90% thinking anyways. Very seldom is it important to know what command to type. Much more important to know the theory like the back of your hand.

All that having been said, if you don't like handling people, infosec is likely a poor fit. You'll top out soon if you can't have a coherent argument with someone that doesn't degenerate into "Because I said so".

Min

Min

I've hired people with misdemeanors before.

Be honest about the crime, don't have it be a surprise that I find out during the background check part of the hiring process.

I also know other managers who've done the same. Its tough to find good people. A drug offense 5 yrs ago, with proof of a completed drug treatment program for instance isn't going to stop me from hiring a good IT worker.

Min

Well since the publication date was 2010, I'm not sure we can blame Jean for this one.

I'm very happy that my daughter gets angry and pissed off whenever anyone suggests something is a boy toy or a girl toy tho. (Drive thru at McD's is rough!)

Min

Yep, a call to my corporate legal dept would be my first move in this situation. It's amazing how many situations got deescalated when we got the other party on the phone with my legal dept on the line.

Min

My Wife's response:

"OK that's it, I'm cutting you and the kid off. More for me!!!"

Min

I did YKnet around the same era then, out of Whitehorse. Set up an 8 line dial up pop in Old Crow, using bound analog sat channels.

I also did a stint down in the Eastern Carribean. I remember the bribes, favors, etc required to get a UPS from the dock to our building, and members of our team blocking off the main drag in town while we used the (borrowed) cargo forklift from the docks to lift the UPS up the side of the building. While we were discussing how to get it in the window the forklift driver disappeared, leaving the UPS balancing on top of a power pole. Driver was asleep under the lift. Waiting for the ex-pats to make up their minds.

Cricket games were something else too!

Min

Heyya - just a quick tip of the hat - sounds like we got started much the same way. What part of the Canadian frontier you tame? Yukon here, early 90s with a NPO.

Min

I manage this using xprivacy module under xposed. It allows you to whitelist an application for any subtree under where it's requesting access. Works well for me. More work of course, but security tends to be more work.

Min

Acutally not quite accurate - a faraday cage that blocks at all wavelengths would need to have a very small mesh. Rule of thumb is you want your mesh to be less then 1/4(c/freq) m.

Since freq in the case of NFC is 13.56 MHz, that will yield us with 22/4=5.5 meters (excuse the rounding, you get the point) so anything you can wrap around your wallet is going to do the trick.

Google NFC blocking wallets for some selections.

Source: I attend hacker conferences. All my credit cards are NFC enabled. I don't want to have conversations with my CC company that starts with "I was at Defcon when..." - those don't end well!

Actually, post Chip+Pin (and RFID interact flash for that matter) this sort of attack isn't possible. That's because the chip inside the card creates a unique one time approval for the transaction. The approval is un-replayable,

At worst, attack wise, you might be able to perform a turnstile attack on it (Interac flash reader, taped to a turnstile say), but transactions over Interac flash are capped at under 100$ and every 5 transactions you have to re-auth with a full chip and pin, so the banks' risk is pretty limited there.

Disclaimer: I've not done an indepth analysis of the security controls myself. I know there were some weaknesses in the Euro implementation around not signing the list of allowable transaction verification mechanisms or somesuch (look up the blackhat talk if you need to know) but it's a LOT more difficult these days then inserting a skimmer on the terminal and video recording the pin. (Interac was always two factor, until interac flash).

Min

Mmmm, Internet tax!

World wide 2013 air crash fatalities: 29
World wide 2010 traffic crash fatalities 1,250,000 (est)

So unless you're going to argue that I'm 4310300% more likely to walk away from a fatal car crash, we're better off spending money there, looking at it from an objective point of view.

Fear drives us to make poor decisions. I fly a lot, but I understand that I'm just as dead from making an error at 70 mph as I would be asleep in my seat when the back end falls off my 737. Just 4310300% more likely to experience the former then the latter.

*disclaimer: Yes, I know, I mixed statistics from 2013 and 2010 above. I was too lazy to go back and find 2010 air crash statistics, but I seriously doubt it impacts the statistical analysis any more then the rounding error in the world wide traffic fatality stat.

Min

On traffic safety, agreed, long term, autonomous cars are the way to go. Some of the answer there is time and market forces, but I suspect a billion or two from the war on terrorism could move that along nicely. Faster technology evaluation and approval pipeline, more money for NSF funded core research, etc. But nearer term there are technologies that exist in high end cars that would lower traffic fatalities tomorrow if available in all cars. Blindspot object detection, lane departure alerts, etc. If the concern is about an objective attempt to lower the number of people who die each year, a dollar spent in this area is going to save more people than a dollar spent in airport security.

On diseases, if you're talking about a billion dollars to paradrop a few thousand doctors into africa to do contact tracing, then you have my support. If on the other hand you're discussing mobilizing the national guard to protect North America from Ebola, not so much, spend the money on the flu, which kills many more people world wide. If we do the right things in Africa, Ebola will never be more then a hideous way for a couple of people to die in the US. This is one of those situations where the "Protect the Homeland" mantra is worse then useless.

Min