[ Book Review ] :: A+ Exam Cram from David Prowse, eBook Version

This July 1st (2016), the CompTIA A+ certification rolls over to the 901-902 version, with some pretty significant changes to the test materials. I’ve been evaluating books for my upcoming classes, and decided I’d try out not just different publishers’ offerings, but different forms of the media. As an instructor, I’ve relied heavily on physical books to run my classes: they’re marked up, dog-eared and riffed with sticky notes for points I want to hit in class. Could I do as well with an eBook?


Pearson hooked me up with an epub version of this Exam Cram, written by David Prowse. I’ve been in this business for many years – and so has he. His materials are pretty darn good, including an online A+ training course I had the opportunity to preview (and review). When it comes to highly technical books, there are plenty of them that are written by committee, and read like it. I’ve got nothing against a dry, factual style, but my students seem to be more willing to read single-author books with a breezier prose style. This book falls into the second category, and has the kind of comfortable, personable text that makes reading 982 pages a lot less of a chore. By comparison, the 901-902 text by Mike Meyers runs 1472 pages of first-person conversation, while the text from Docter, Dulaney and Skandier is 1312 pages of formal discussion (what did I say about writing by committee?). Prowse gets one point for good prose style and one for shortest length, which does in fact matter.


One of the biggest changes for the new certification is the much-changed list of operating systems covered. XP is out, finally, but Vista lingers on, along with Windows 7, 8 and 8.1. Windows 10 is not covered. But OSX is getting a lot more discussion, which matches the workplace I see, mostly Windows but with a contingent of determined Mac users. The three texts I reviewed handled this issue differently. This Exam Cram splits OSs out among the main test topics, so there’s not one place that solely discusses Windows 7, for instance. Docter/Dulaney/Skandier do the opposite, with 50-60 page chapters on each major OS, which might be a good idea for organization, but does lead to a lot of duplicate discussions of installation and deployment, for instance. In my reading all three texts ended up covering the same materials for each OS, because the CompTIA A+ Objectives are so clearly spelled out in this area. Frankly, I kind of like the way Prowse handles things, discussing the topic under a major heading with subheads for each OS’s differences. iOS and Android also get a little more emphasis, though largely along the same lines as the 801-802 tests: checking versions, doing resets and synchronizing. The whole topic of OSs is one of the areas where the eBook really shines, with beautiful full-color high-resolution images.


Color images appear frequently in the text, and put the printed books’ grayscale images to shame. Many of them are close-ups of details, and I had to admire how well I could see things like silkscreen lettering on circuit boards. I wasn’t sure how comfortable I’d be using the eBook, as I’ve mentioned, and I tried more than one e-reader. Windows 8.1 offered a friendly link to the friendly Windows store for an epub reader, and served up an app that got even more friendly by installing a toolbar and search engine, and modifying my network settings, none of which I appreciated. It took some lengthy research to uninstall that crapware, then the research I should have done in the first place: what are the really good eBook readers, for Windows, in 2016? This led me to Adobe Digital Editions, much despised in its 1.x versions but apparently much improved in the current 4.5.x version. I thought I would miss my sticky notes, but the Bookmarks feature fills the gap really well. And it’s nice to click directly from the Table of Contents to a chapter, or even better, easily search for particular terms, something I had to rely on Indexes to do for me in paper books. I had to find the right tips page to figure out highlighting: select text, right-click, voila!


There are a lot of subtle things that get glossed over in a lot of A+ texts, for instance the issue of Northbridge and Southbridge, bridges that were originally real bridges with real, separate controller chips, but which are now “virtual,” in the sense of being absorbed into the main processor or other subsystems. Of the three texts I reviewed, only this one discusses the DMI bridge in Intel-processor chipsets, and none discusses DMA channels (which apply to RAM, not processors); there’s a certain degree of depth that’s being lost as different manufacturers devise very different solutions to the same fundamental problems. Intel’s DMI differs significantly from AMD’s HyperTransport bus, and both differ from Intel’s Quick Path Interconnect (QPI). Prowse gives all these some attention, and he’s the only one in this group who does. And that’s just one example.


The most important work students can do for certification exams is taking lots of sample tests. There are resources online, of course, and many are quite good. Brain dumps, on the other hand, are worse than useless because they’ll mislead you or insist on wrong answers. So the test material that comes with a CompTIA-approved text is actually really important, because for the most part it accurately reflects real question styles, for instance the frequent use of scenarios in questions. The Meyers book uses 10-question end-of-chapter quizzes that are good; they come at the end of lengthy chapters, which means you’ll read for a while before dealing with relevant questions. I have to admit I like Prowse’s Cram Quizzes, short 5-question tests that come two or three times per chapter. That’s a good idea: look at the material, then look at the kind of questions you’ll see for it. And not just multiple-choice questions, but performance-based questions like the ones you’ll be getting on the real exams going forward.


This makes for an interesting point: only Prowse’s online version of this course offers genuine simulations of the performance-based questions, for instance dragging and dropping devices to the correct slots. Obviously you’re not going to do this with either paper books or an eBook, but different writers have dealt with this in different ways. The Sybex book comes with access to an online lab and test bank, which I haven’t explored yet. This Prowse Exam Cram uses write-it-by-hand versions of the performance-based questions, which are actually pretty good substitutes, considering a lot of that drag-and-drop stuff is just silly.


Ultimately, I liked the Prowse book itself the best among this group, and surprised myself that I liked the eBook much more than I thought I would. It’s the shortest of the group I evaluated, yet covers many topics more completely. And Prowse’s writing is easy to read without trying to be too funny or chummy. Every classroom I work in has a projector, so it’s totally feasible to bring the book in digital form and put it up on the screen. When I’m drawing students’ attention to highlights, they can see exactly what I’m talking about, easily. I’m finding myself completely willing to try out this book, as an eBook, this coming term. Maybe the most interesting thing to see will be how well my students like using it. If they do, I’m going to permanently lighten my book bag and never look back.

CompTIA® A+ 220-901 and 220-902 Exam Cram


Copyright © 2016 by Pearson Education, Inc.


ISBN-13: 978-0-7897-5631-2ISBN-10: 0-7897-5631-5



[ Book Review ] :: Pearson IT Certification CompTIA A+ 220-901 Complete Video Course

Pearson’s A+ Video Courses: A Serious Alternative to Classroom Training


Video training has become a really big business. I’m a classroom teacher myself, and teach the A+ certification and several others, so the question of whether video training can replace classroom time is pretty personal, and I come at it a little skeptically. I’ve endured some truly painful online and video training courses, and I’m betting my gentle reader has too. Do they have to be awful? Or can they truly be good enough to replace “live” teachers? And more important, are they a good bargain relative to live classes?


No, they don’t have to be awful. Some are definitely better than others. Twenty years ago the user interfaces were mish-mashes, a situation that has hugely improved. Today they’ve almost all settled toward uniform layouts, which honestly improves the user experience across the board. It’s great to have a course outline with links to lessons down one side of the workspace or the other, for instance. Live classes often have a separate area for text material and another column for chat. Sometimes there’s a panel for downloadable materials, and sometimes all of these are wrapped up in one tabbed column (my favorite). What really matters is, which of these elements are included in a given course? And far more critical, how good is the actual presentation material?


In this case the material is quite good. The video pane alternates between Powerpoint-like slides, detailed video close-ups of hardware and actual assembly, and the presenter (whom I presume is David Prowse himself) talking and using a white board. This last is kind of classroom-like, complete with quick-and-dirty sketches. David has a good physical presence and a good speaking voice, so it works well. The frequent change of visual layout keeps things interesting, which is critical for recorded trainings. And the level of detail is really quite good; at 20+ hours for the 901 video course and 40+ for both 901 and 902, it’s close to the number of hours most live classes will run. That’s a lot of material, but in small chunks running about five minutes each. This is a popular format length these days: most students like being able to “drop in” to the course when they have some free time without making an hour-long commitment. Plus, it’s not so painful if you have to repeat a lecture. Personally, I find myself reluctant to start hour-long lessons online, but I can devour a five-minute video almost any time.




Lessons consist of Learning Objectives, lectures, Performance Based Exercises (very much like the ones you’ll find on the actual test) and PC Build demonstrations. The Learning Objectives aren’t a boring list of topics; instead, David gives a brief but much more informative talk about the lesson. Some Performance Based Exercises are classic drag-and-drop matching tasks, but some require you to demonstrate actual familiarity with Windows by, for instance, setting a static IP address, which is a highly relevant skill. The overall high-quality video production really shines in the PC Build walkthroughs, though these may be most useful for less experienced students. Modules are collections of Lessons, and include Module Quizzes (again, very similar to actual test questions). Most textbooks in this area include at least a couple of sample tests, whether on CD or by download. With this package you get a series of Module Quizzes, which as I’ve mentioned are pretty good, but you don’t get formal timed sample exams.


Can really hi-res video of motherboards and RAM and video cards replace the hands-on, pass-it-around of a live class? Put simply, yes, provided you’re already familiar with these things. But no, not if you’ve never handled them. How should you hold a stick of RAM? What part(s) should you never touch? If you picked up a module in a job interview would you be comfortable holding it? If these questions just make you laugh, you’re a good candidate for this course.


There were a couple of things I missed in the user interface package. There are no Supplementary Materials, which is a pretty small issue in a really complete package like this one, though I’ve run into some really valuable supplementary handouts from time to time. But the lack of student-teacher interaction might be a more serious issue. This is obviously the primary benefit of a live classroom or online class: you can say, Wait, I’m stuck on this, or I can’t make that work, or Mine doesn’t look like that. I’ve seen the chat window fill with questions, and I’ve found some of the most valuable material there when an instructor is provoked to a deeper explanation.


Some of the online course platforms use a hybrid method, where the course is recorded but the chat function is always available (and teachers are expected to respond to inquiries, even months or years later). Given the model of this video courseware, that’s not practical here. But this lack does take the course another big step away from the live classroom.


What really matters here is, can you take this video course and pass the A+ exam? There’s never a certain answer to that, because so much depends on the experience you bring. Some people are really successful at passing certification tests simply by reading a book or two; those people usually are already familiar with the topic and have advanced study skills. Most of us need more. If you can’t take a classroom course where you live, a video course is a very good alternative, at least if the course itself is high-quality, though I’d recommend spending some serious hands-on time with real hardware. The past few years have seen courses like this one dramatically improve, and at this point they’re certainly a viable alternative, especially if you’re relatively disciplined about your study – and like learning from videos rather than books.


Now for brass tacks: you can take two live courses for the 901 and 902 tests, with textbooks and test vouchers included, for about $2000 depending on your area. These two video courses list as a $499 package as I write this, much more expensive than a textbook and not including the tests, which will run you another $450. You could buy a text and some sample tests and spend barely more than half the price of classroom courses. If you’ve already got some experience with PCs, this could be a real steal for you.


Pearson IT Certification CompTIA A+ 220-901 Complete Video Course – January 22, 2016


By David L. Prowse


ISBN-13: 978-0-13-449930-7 / ISBN-10: 0-13-449930-1


Also see


Pearson IT Certification’s CompTIA A+ 220-901 and 220-902 Complete Video Course Library – April 18, 2016


[ Book Review ] :: CISSP Training Kit (Microsoft Press Training Kit) 1st Edition

This year (2015) is the year the CISSP changes from a 10-domain test to an 8-domain test, beginning April 15, 2015. I teach certifications, and always find these updates tricky: often the new materials don’t come until six months later. As I write almost all the new CISSP books are only “Available for pre-order.” So while I’m considering the CISSP certification, I’m looking at books for the 2012 version of the test (10 domains).


What’s nice is that a book selling for $70 a few months ago now costs a little over $40. And though this one uses the “old” domains, the infosec information itself is still completely relevant, and the practice questions alone are worth the price. (One of my top pieces of advice to students is to take lots of sample tests. They’ll point you to your weak areas faster than any other method.)


The book itself is hefty: 700+ pages of dense, small-font text and many, many long bullet lists. For better or worse, that’s the nature of the game in this area of expertise. At this level of certification, most readers are going to be able to deal with this kind of prose, though not necessarily everyone will love it. Consider:


The determination of value of the company’s good reputation is somewhat subjective, but it is certainly a valuable asset that needs protection and can be damaged by breaches of security. It is therefore a component of the risk assessment that must be quantified in order to establish an appropriate (cost-justified) level of protection. As each threat to each asset is identified and quantified, you must also determine any possible damage to the company’s reputation for the threat-related breach and additionally quantify the potential losses due to the (qualitative) damage to the company’s good reputation.


I guess some people will like that kind of prose, if that’s the kind of prose they like. I can deal with it, and I appreciate the effort for extreme clarity. Generally, though, I prefer to read – and write – text that says what’s important, simply.


When it comes to issues other than the writing style, I have to praise this book as wildly comprehensive. If you’re a network person the discussion of Layer 3 devices will be familiar ground, but accounting and patents and intellectual property protections likely won’t be. You can be versed in fire suppression issues and still be surprised by the provisions of Sarbanes-Oxley. Do one good, deep pass through the book (I recommend frequent, small chunks) followed by a pass doing spot-study of as many high points as you can identify. Then beat yourself with sample tests until you’re passing them consistently.


On the tests and questions: each certification organization has their own take on how to make things hard, ISC2 included. CompTIA questions, for example, are frequently tricky simply because of poor grammar or garbled syntax. ISC2 questions are generally quite sharp, crystal clear, and often followed by a set of choices for which you’ll need a razor to parse out the fine distinctions. Microsoft’s sample test sticks to this format beautifully, though there is only one on the included CD. But with 250 questions you can do lots of practices with 20-50 randomized questions and get the benefit of seeing familiar things side-by-side with new questions. This is definitely the high point of the kit for me; taking lots of sample tests, particularly good ones like this one, is the top technique for passing these certifications.


For any certification, I recommend not one but two books, at least. Since the newer material is still on its way, this book would be a good way to get strongly warmed up on the CISSP. Then get the best new book you can (for the 8-domain test) to finish your studies, thus buying only one top-dollar book. But that’s just my suggestion.


Full disclosure: I get textbooks for review from several sources, in this case from Pearson IT Certifications. I also work for a certifying organization (ISECOM), participate in building certifications (the OPST and SAI), write textbooks and teach at two universities (UNM and NMSU), so while I’m not the usual test subject, I am frequently the instructor.

* * *


[ Hacking Tools ] : sqlmap

sqlmap (yes, all lower-case) is a “Automatic SQL injection and database takeover tool” and a great example for my students of the goodies on GitHub.

On the hacking side, this impressive tool wraps a lot of functionality into one package. From their website:

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

From the teacher’s perspective (mine), it offers a great roadmap to the ways a database can be exploited, and not just one breed of database, but practically any DBMS in use today. And it’s a good time to teach students what git is, what a repo is and how to clone a git repo (at the very least). See it at:


* * *

A dictionary of Unix commands

Unixes (Unices) are largely consistent – at least that’s been the theory. But if you’ve ever wrestled with the differences between lp and lpr (hint: BSD vs. SystemV) or tried to remember at least the right general command to do something, a reference like this is gold.

That said, Caveat Emptor: this is not an exhaustive guide. It’s a way to prod your memory or help you find something new, which you’ll have to explore and learn in depth on your own. In other words, SOP.

Check it out here:


* * *

Playing with the Raspberry Pi

I’ve been tinkering with the Pi for a couple of months now, after resisting the call of RISC for years. These little machines have finally caught up to about Pentium II performance, which is to say they’re moderately good as a desktop PC, and excellent as a tiny Linux server.

The Kali people maintain an ARM image, though, which inevitably meant my students came to me about setting up Kali on the Pi. Depending on the student, I’m okay with that, but in most cases the request is cue for a sit-down talk about trust, as in, do you know these Kali people and if they had bad intentions should you be running this OS in your home? Nothing against Kali: I’m just nervous about any system with lots of moving parts, most of them mostly invisible.

That’s why I’ve been working with customized images of Fedora 21 and 22 with the Security Spin added on. I like this distro and the community that supports it (I know them personally), and the whole product suite is very thoroughly reviewed. Which is to say, I’ve made a trust decision.

And Fedora maintains an ARM image (yipee!), so off I went and ordered a Pi.

So: I don’t understand the unboxing video thing. I guess it’s a good way to verify you got all the parts? But since I’m going to use the devil out of this thing in my classes, might as well document from start to finish. So here’s the beginning:

* * *

Book Review: CISSP Cert Guide (Pearson IT Certification, 1st Edition)

As an instructor I’m faced with the choice, over and over, of a thick, detailed textbook versus a more concise one. Thinner would be the easier choice, except that some authors manage to make their thicker books easy, even breezy reading. Other thick books are just … thick. Many of the A+ texts, for instance, go much, much deeper into details than the test they cover does.

This book, which is for the 10-domain test, strikes a very good balance. At 470-odd pages of actual reading material (less Glossary, Index and front matter), it’s a reasonable size for the cert courses I teach. I found it easy to cover 50 pages an hour, though I’ve got over 20 years’ experience with this area so not much slows me down. But I’ve dealt with many (many) books filled with page after page of thick, hard-to-read and hard-to-comprehend text, so many that the slimmer, more terse books tend to make me cautious. This one’s slim and terse and absolutely readable.

Tight texts like this work by using short, declarative sentences. They state facts, explain simply, and provide solid nuggets of useful information, but they also don’t supply many examples, don’t try to explain things using scenarios, and don’t provide much if any historical context. If you’re already the kind of network professional you’re supposed to be to test for this certification, this won’t be a problem. A couple of paragraphs of discussion can cover Kerberos just fine – for the initiated. If you’re trying to “leverage” your way to a higher certification (and it pays to know that if you can’t document five years’ experience, you get an “associate” certification), though, this may not be the book for you. Actually, if you haven’t done the real groundwork, this isn’t the certification for you, either.

One very strong point about the Pearson IT cert texts is the sample questions and tests. I’ve seen too many questions in sample tests from several sources that are mangled, ungrammatical, ambiguous or just plain incorrect, but not here. As a long-time technical editor, I appreciate the good, clear, concise questions and the use of multiple plausible answers that made me slow down and think before choosing. The chapter-end questions and sample tests also seem very much in what I’d label “(ISC)2 style” – there is little or no sneakiness about them, unlike the questions common on some certifications I could name but won’t. They’re short and clear: What’s the second step in a Business Impact Analysis? On which layer is the Internet destination address added? And you either know the answer or you don’t, simple as that.

It was a little sad that the CD that came with my book had some kind of manufacturing defect that looked a little like a tire had run over the edge of the disk, rendering it useless. Ironically, it really was useless: since I already have the Pearson test engine installed, the enclosed license code did the trick all by itself, downloading the latest version of the test and activating it. From there it was all joy for me. With any luck this was a sheer fluke no one else will run into.

Where I did see some weakness in the text was in the tables and diagrams. Personally, I never like matrix tables: a crosswalk of administrative controls against access control categories means almost nothing to me unless something entices me to look carefully at the rows of Xs. This type of table is often necessary for compliance documentation, but it makes for pretty dull reading in a textbook. And diagrams are best if they show relationships and flow. Eight gray bubbles in a row do NOT illustrate the complexity of the ticket-granting process, for instance. From my own experience writing textbooks, I know this is a tough area. Personally, I cheat: I hire a graphic designer and build the simplest, clearest flow diagrams we can make. And fortunately, in this case, not all the graphics are tables and rows-of-bubbles diagrams. Some, for instance the software development models, are pretty good. In fact seeing the waterfall model as an inverted view of the agile model gave me an interesting moment.

A really good glossary and index are gold for most of my students. You know how this field is: the acronyms are like a bowl of Alpha-Bits, and the nomenclature is thicker than the nearest competitor (psychology). In this book the glossary and index cover over 120 pages, which is to say a quarter the size of the reading proper. For a lower-level text it would be too much. For this cert it’s enough, but not too much. These things are not easy to build, and you’ll appreciate them when you’re scratching your head: where the heck did they define this?

I’d be confident to teach from this text immediately, and I’d be confident taking the test after reading this. At this point I’m still evaluating books for teaching the CISSP going forward, but the certification is looking like a winner because of the demand I’m seeing for it in the sectors I serve: labs, bases, government and education. For this class of student, this book is just about ideal.

Full disclosure: I get textbooks for review from several sources, in this case from Pearson IT Certifications (http://www.pearsonitcertification.com/store/index.aspx?st=86509). I also work for a certifying organization (ISECOM), participate in building certifications (the OPST and SAI), write textbooks and teach at two universities (UNM and NMSU), so while I’m not the usual test subject, I am frequently the instructor.

* * *

Book Review: Just about to fade away: thoughts on the CompTIA A+ Authorized Cert Guide, Third Edition

The A+ exam is nearing its rollover from the 801/802 tests to the 901/902 tests, and I’ll soon be doing my usual survey of new textbooks to teach from. It’s kind of the same decision every time: choose a smaller book that cuts to the point, which makes life easier on the student and directly addresses the tests, or choose a “big” book that really tries to be a comprehensive reference after the test. I don’t mind the big book model, as long as retired subjects are rightly removed and the material genuinely reflects both the new test and current computer tech.

This particular text from Pearson (which I was given by UNM for evaluation, and covers the 801/802 tests) runs over 1100 pages, and definitely falls into the “big book” camp. Now, when I use this as a class text, that’s not particularly a problem, because I tell students directly: don’t memorize POST codes or IRQs or I/O addresses, among many other things. Know the basics, and know how to look up the details. They’re right there in this book, in most cases – but you don’t need all this detail to pass the test. In fact, students can bog down in the exhaustive lists: video resolutions, processor sockets, floppy disk capacities: really? Far better that they spend their time learning troubleshooting techniques, and I’m glad to say they’ll find them here.

This book doesn’t try to artificially divide the subject matter of the two tests; functionally they’re about the same. That’s good, because it prevents a lot of the repetition I’ve seen in some texts. The topic areas are nicely divided, and work through a nice progression from the most elementary hardware to advanced Windows management. Personally, and as a teacher, I appreciate that.

I’ve found I have a strong preference for the Pearson practice tests, included in a CD in the book. The trend has been to online downloads, which aren’t bad in themselves, but often aren’t of such high quality. The offset is that online goodies often include things like videos and flash cards, which some students find really useful. What will this look like in the next version?

I’m waiting to see what the 901/902 edition looks like, particularly compared to its peers. This will be a whole new version of the A+, which means a total reset of the textbook market. This transition is never smooth, but if Soper, Prowse and Mueller can pull of another quality text, it will likely be my choice for next year’s classes.

* * *

Book Review: CompTIA Healthcare IT Technician HIT-001 Cert Guide, by Joy Dark and Jean Andrews

Since I’m evaluating so many books for IT courses, I’ve decided to start doing formal reviews here and on Amazon. I hope these are useful for other instructors like me.

Back in 2012 the HIT certification was brand new and materials were just coming out. I looked at some that I could only describe as ratty, which clearly were selling only because there was literally almost nothing else. Fortunately, there was this book, by far the best thing out there at the time. My copy was a review copy supplied by UNM.

It wasn’t perfect. In fact it looks very much like a first edition built for the first version of a new certification. I’ve been teaching CompTIA certs for some 15 years, and I’m pretty familiar with how they build tests. In this case I’d say they merged questions from the A+, Network+ and Project+ with strong doses of medical terminology and medical legal concepts. As other reviewers have noticed, the pool of questions on the sample test CD is pretty limited. They did, however, seem to cover the same ground as the actual test questions.

This cert was a snap for me because I’ve worked in medical and IT for over 20 years, and have taught the A+, Network+ and Security+ many times. But I’d have to agree that for a person coming into this field cold, this book alone wouldn’t be enough. You’d need to study medical terminology in more depth than you’ll get here, and build a background in security because you won’t get explanations of some pretty deep concepts you’ll be expected to understand for the test.

On the other hand, if you’ve got some experience in this field, this book does a good job of steering you toward the issues the test emphasizes: regulations and agencies, workflows, terminology and security. If you can get on top of the legal hierarchy, for instance, and you’ve already got an A+, you’re most of the way there.

Now, in 2015, I’ve taught this certification with successful students. But I’m surprised, after looking online, that there is still little to compete with this book for a detailed class text. The newer materials I’ve seen are mostly “cram school” stuff, which some people like but I don’t. If I do see continued interest in HIT cert classes this will be my text, but I’ll also be looking for more functionally complete materials. Given what I’ve seen of Joy Dark’s writing, a second edition will be much better. The real test is going to be adoption of the HIT certification itself as a credential, and that I’m still waiting to see.

ISBN-13: 978-0789749291 ISBN-10: 0789749297,

* * *

When Security Is Too Hard For Your Mother: a Dark Matters article

We in the US have been getting our InfoSec pants pulled down and our lunch money stolen on the playground for months, years now. I’ve bitterly complained about the nation/state actors and the non-nation actors and our own government actors, with all the usual results of complaining.

We’d better get serious immediately, at the personal level, about security. When I first approached ISECOM I liked the idea that security should be the default, that it should be hard, in fact, to do unsafe things. But things like money, politics and entrenched interests have kept us from achieving the significant leap forward we’re going to need to secure our information.

Some means are available to us personally: using aliases online for social media accounts, for instance. But in other places our critical personal information is held by … our government, for instance. In not-very-secure ways. Which means that we get pwned when they get pwned. Which is often.

That’s a damned shame, because we do have the means to make security much easier, and much better. We just choose not to use them. Read my discussion here: