Working on a Second Edition!


I likely won’t change the cover.

Hi Everyone!

I’m currently working on a second edition of “Adventures in Cybersecurity”. I’m going to hopefully make it a little better, as while I think it’s good, I think it could be better, too. It’s been out for nine months already(!) and re-reading it since then has made me think that I could do a couple of things differently, and also add in a bit more in the way of stories relevant to the title.

If you’ve purchased the book, I’ll refund your money if you purchase the second edition. I’ve never been one for charging for different editions of a book – I view them like software in that regard. Unless the product is materially different from the original, then I think you should get upgrades for free. 🙂

On Becoming a CISSP



(Note: I in no way received any compensation and no one has influenced me in creating this post. It is purely of my own desire and design.)

A CISSP is a Certified Information Systems Security Professional, and is essentially the “gold standard” of information security certifications, as well as one of the longest-standing.

I’ve been a CISSP since October of 2003. That’s almost thirteen years now.

Among hackers/computer security professionals, particularly ones who think they’re better than everyone else (and to be fair, some of them really are when it comes to computer security) the CISSP is seen as a “paper certification” that just about anyone can get. While it’s not impossible to get, I don’t think it’s nearly as easy to obtain as they might suggest, and to some extent I think that some people in those circles are covering up for the fact that they were too afraid to try to qualify. Regardless of the psychology of my peer group, I believe the certification has merit, which is both why I got it, and why I maintain it.

An illustration of that point is how employers treat it. It’s difficult to get a job in Information Security without some kind of certification, and the CISSP always works for that qualification. That’s not to say that you can’t get that same job without it; if you are a cyberninja and you can prove it, you can certainly pass on merit. However, you might have some difficulty making it past the HR screening software, which will likely have automatically eliminated your resume for not having included it in the first place.

Anecdotally, my obtaining the CISSP made a very big difference in my career, as you’ve likely read in my book. (You have, haven’t you? 😉 ) Having already been doing security work at what was Corsis at the time (later I had fulfilled the work requirement of the CISSP (then three years and a college degree; now it’s four years and a college degree) so it made sense to me that I should try for it, since Information Security is what I wanted to be doing. I started researching, and found that it was indeed difficult, and that I needed to prepare.

As I outlined in the chapter “Data Center Nightmares” it was a bit arduous to get the certification, requiring quite a bit of study, and a class. The class cost $3500 (not including airfare, but including hotel & breakfast each day) and took place in Fort Lauderdale, Florida. I actually took out an education loan from Key Bank ($KEYW) for the $3500 at the time, given that it was a class and that I’d spent my other $3500 from the tax return previously on the Computer Forensics class that I took.

It was a good investment. The payoff when I switched to my job at Capital IQ was an immediate increase in salary by more than $30,000 per year. That’s an immediate 8.57x return on my money (to say nothing of the lifelong value of that increase & subsequent ones) and I paid off the education loan well before it was due, thereby also increasing my credit score.

So while some people may say that a CISSP is not worth it, I tend to think it is. It will get you past gatekeepers – automated or otherwise, and proves to employers that you have a broad understanding of Information Security. You will still have to prove yourself at any job, but less of it will be upfront while attempting to get it. It assures employers that you have a level of competency, and more importantly, since you have to take an oath to actually obtain the certification, that you are trustworthy. Yes, some 1337 h4ck3rs may have levels of skills that are higher than some people with the CISSP, but there are other factors to consider, and those other factors play an important role and make the CISSP the prominent security certification that it is today.

Print Version Published!

Hi Everyone,

The print version of “Adventures in Cybersecurity” is now available! It’s $9.99, which is the lowest Amazon will allow me to price it. I’ll have a few of them myself, and carry copies to sign if anyone is interested. (Also, the copies I’ll sign will be free, so there’s that.)

I also have an official Amazon Author page now:


Those of you connected to me on LinkedIn may recognise the profile. 😉

The print book is listed as being sold used and new by multiple sellers, but I’m not sure how that could be possible since no one’s bought any quite yet. Nonetheless, if you check out the page for the print version of the book, you can actually get it cheaper than what it retails for new. Or like I said, you can get a free copy from me, even signed, if you’re ever in the same place (or nearby) that I am.

Forums Are Now Live!

The forums for the site are now live. You can click the “Forums” button at the top of the page to discuss the book, your own adventures in cybersecurity, or just adventures in IT. I’m looking forward to hearing more about the things others have experienced, and am happy to answer questions about the book as well!

Kindle Fire HD 7

Kindle Fire HD 7 Giveaway!


To celebrate the release of my first book on Amazon, I’m giving away a Kindle Fire HD 7! All you have to do to enter the drawing is show that you’ve purchased the book and left a review. The Kindle is a Fire HD 7 in white, with 8GB storage, Wifi, and with the special offers. It retails for $139 in the US.

The proof for entry can be a screenshot of the purchase and review on Amazon, or a forward of the receipt email with the review username to me. Forward all proof to:

I’ll be picking a winner at the beginning of November (for any entries received prior to the 31st of October) and the winner will be notified by email in the first week of November. The entry is open to customers in all countries, excepting those embargoed by the US.

If you have any questions, please feel free to reach out at the email above as well.

Good luck!

(Edits on 26 July extending the contest.)

Adventures in Cybersecurity is Published!


It’s official! I am a published author. Adventures in Cybersecurity has been published on Amazon. (Click the link to head to Amazon & get it!) I chose to use Kindle Direct Publishing (KDP) and to make the book available exclusively through Amazon.

The price is currently set at $3.99 (USD) which is what Amazon suggested, but if you have Kindle Unlimited you can read it for free.

I’m planning to give away a Kindle Fire HD 7 to one lucky purchaser of the book. Simply take a screenshot of your receipt or forward the email showing your purchase to tom@adventuresincybersecurity to be entered into the drawing! The winner will be chosen at the end of August, and notified by email.