🧑🎓 Studying for CISM - how hard is it really? (hint: very hard)
and this week's Bits & Bytes

Hi and welcome to another Security weekly, where we laugh, we cry and share the latest and greatest in security and tech news.
In this week's edition:
🧑🎓 Studying for CISM - insights and tips
📰 Bits & Bytes
❓ Disable User explains: Vishing
🔥 meme of the week
Reading time: 02:41

Studying for CISM - insights and tips
So I started studying for CISM, again.
The stupid thing is, because it’s been a while, I kinda forgot how ‘hard’ it is.
I use ‘hard’ because it’s not really hard, but it’s a lot.
And I mean, really, a lot.

Luckily this is far from my first certificate, and I’ve gotten pretty good at studying. (this sounded more cocky than I wanted)
I joined some Facebook/LinkedIn groups, bought some course material and started going at it.
After chatting with some fellow students, I noticed not everyone knows what to expect - or even how to study.
So let me dish out some tips for anyone studying, which I think might help.
Whether it’s CISM, CISSP, Security+ or any other certificate, this is a one-size-fits-all.
So here are four tips for a successful exam:
Set a realistic end-date - always start with the end in mind. That goes for almost anything in life. So pick a date, and stick with it. I see so many people eager to learn but fail because they keep postponing.
Make regular study time - an end-date is one thing, but if you don’t make regular study time you’ll only get nervous. The more time you spend, the better, but every hour counts. Even 4 hours a week can make a significant impact.
Read the exam objectives before anything - don’t just dive in and see what comes. Read the exam objectives and know how they are scored.
Take multiple practice tests - This does depend on the certificate a bit, but try to take practice tests from multiple sources. Make sure to score 80% on average and for every domain in the exam.
Bonus: Don’t start with CISM (or CISSP, CSSP) - I did CSSP 5 years ago and I massively underestimated it. After gaining experience for 5 years and doing a lot of other certifications I feel I’m finally ready to take on one of the big boys.
I’ll keep you updated on my progress, my target end-date is September 30th.

Oooofff, I feel the nerves coming up
As some of you may remember, I did my Security+ a while back. I’ve written down my findings and will share them with those interested in the next few weeks.
If you want some more tips, or have any questions I can help with, feel free to send me a message on LinkedIn.

Bits & Bytes
Nickelodeon investigates breach after leak of ‘decades old’ data - dang, they took Tha Good Stuff. Remember when Nickelodeon used to bring the heat? And don’t get me started on Cartoon Network. Or maybe I’m just getting old, I dno.
Twitter now requires users to sign in to view tweets - stressful times at Twitter I can imagine. First this and now with Threads launched, they have a major competitor.
Introducing Threads: A New Way to Share With Text - the talk of the town the last few days. Not available in the EU though, because Threads doesn’t do too well on privacy.
New ‘Big Head’ ransomware displays fake Windows update alert - apart from the Windows Update part, this is some pretty scary stuff. It’s not sophisticated, but targets those who are easy to fool and lack extensive virus protection. I better go call my grandma..
July 2023 Patch Tuesday forecast: A month of instability and uncertainty - while I think the article exaggerates a ‘bit’ - are you ready for Patch Tuesday? Follow-up q: is anyone ever, really?

sysadmin who’s got it all under control

Social Engineering special: Vishing
A phishing technique carried out via voice calls.
The last one in the “swap the P in Phishing for something else” category. I promise.


Meme of the week

