Passed my CISSP exam just before Christmas and now realising there's a lot more to getting that validated than just a letter of endorsement from my boss.

My Notability stats are 100% #CISSP learnings lol! Just 2 days til exam 😵‍💫

Glad to see #cyberawareness training is ensuring that we fill our precious mental bandwidth with only the most pressing of security knowledge and not at all making us watch nonsense videos and answer nonsense questions just to make sure we watched the nonsense videos so management can look at marketing metrics and feel confident their 'human firewall' is working. This feels like a new low.

What a sneaky scam; perfect fake of UK gov web style. winter-subsy.com.

Proofpoint's latest 'voice of the CISO' report includes this depressing statement: "Year after year, human error continues to rank as the greatest cybersecurity vulnerability". Aside of the fact that viewing human error as a root cause of a vulnerability is a fallacy ('cause' is simply where we decide to stop looking further), this points to the fact that at the highest levels of the biggest organisations we continue to blame users for poor security outcomes. I feel like I need to have this decades-old statement printed on a plaque I can point to: "Rather than being the main instigators of an accident, operators tend to be the inheritors of system defects created by poor design, incorrect installation, faulty maintenance and bad management decisions. Their part is usually that of adding the final garnish to a lethal brew whose ingredients have already been long in the cooking." (James Reason, Human error)

Microsoft making products traditionally bound up in the pricier E5 licenses available at lower cost to smaller orgs with Business Premium is a good thing. But for many at the lower end, justifying a near-doubling of license cost will be a big ask. I'd rather make the base SKU a few pennies more but include risk-based CA and PIM.

We've coined a friendly-sounding term for 'give your phishing sim vendor unrestricted global access to your org's Exchange mailboxes'! What could possibly go wrong??