Friday, December 25, 2015

@christoperj:

Although its been said many times, many ways. . .

Thursday, December 24, 2015

@christoperj:

Not a creature was stirring (except for the three minions looking for attention). . .

Tuesday, December 22, 2015

Now Trihexaconta-Certified with PMP Goodness. . .

From the Project Management Institute on December 22nd, 2015:

Christopher J. Marcinko -- Project Management Professional (PMP)
"This is to certify that Christopher J. Marcinko has been formally evaluated for demonstrated experience, knowledge and performance in achieving an organizational objective through defining and overseeing projects and resources and is hereby bestowed the global credential Project Managment Professional in testimony whereof, we have subscribed our signatures under the seal of the institute."

Date of Certification:
December 22nd, 2015

Expiration Date:
December 21st, 2018

Certificate Number:
1885306

Tuesday, December 15, 2015

Now Dohexaconta-Certified with CCSP goodness. . .

From the International Information Systems Security Certification Consortium (ISC2) on December 15th, 2015:

Christopher J. Marcinko -- Certified Cloud Security Professional (CCSP)
"The (ISC)2 Board of Directors hereby awards Christopher J. Marcinko the credential of Certified Cloud Security Professional having met all of the certification requirements, which include the professional experience prerequisite, adoption of the (ISC)2 Code of Ethics, and successful performance on the required competency examination, subject to recertification every 3 years, this individual is entitled to all of the rights and privileges associated with this designation, as defined in the (ISC)2 Bylaws."

Christopher J. Marcinko @ AcclaimDate of Certification:
December 15th, 2015

Expiration Date:
December 31st, 2018

Certificate Number:
97309

Saturday, December 12, 2015

@securityguy23:

Back from executing a HIPAA risk assessment in Tampa -- returning to regularly scheduled programming, already in progress. . .

Friday, December 4, 2015

@securityguy23:

Back from executing a vulnerability assessment in Houston -- returning to regularly scheduled programming, already in progress. . .

Wednesday, December 2, 2015

@securityguy23:

Closing out a Certified Cloud Security Professional (CCSP) Live Online Class -- returning to regularly scheduled programming, already in progress. . .

Saturday, November 28, 2015

@christoperj:

Seven and a half inches of rain in the last three days. . . Drought seems so long ago now. . .

Thursday, November 26, 2015

@christoperj:

"As God is my witness, I thought turkeys could fly". . .

@christoperj:

Thankful for many things. . .

Saturday, November 21, 2015

@securityguy23:

Back from team meetings in New Jersey -- returning to regular scheduled programming, already in progress. . .

Wednesday, November 11, 2015

@christoperj:

Taking a moment to remember the reason for this day. . .

Monday, November 9, 2015

@christoperj:

If you're mad at Starbucks because they've gone with a red cup instead of one with snowflakes and such --

(1) It's not even december yet

(2) Maybe you should take a hard look at yourself to figure out why you are *really* so bothered by the marketing whims of a multinational corporation?

Tuesday, October 27, 2015

@christoperj:

@MLB international feed has been on for only 5 minutes -- already think it's a better delivery than the last dozen or so national @FoxSports baseball broadcasts. . .

Friday, October 23, 2015

@christoperj:

Strongest hurricane in recorded history makes landfall south of the US, and @CNN is running an episode of Anthony Bourdain?!? Odd priorities. . .

If UK based CNNi feels a hurricane landfall is newsworthy, and uses Atlanta based CNN weather staff -- not sure why local @cnn doesn't think the same

Wednesday, October 14, 2015

Now Henhexaconta-Certified with CPSC Goodness. . .

From Check Point Software Technologies LTD. on October 12th, 2015:

Christopher J. Marcinko -- Check Point Certified Sales Representative
"This is to certify that Christopher J. Marcinko has demonstrated the knowledge to be a: Check Point Certified Sales Representative."

Date of Certification:
October 12th, 2015

@christoperj:

Let's Go Rangers. . . #RedOctober #NeverEverQuit

Monday, October 12, 2015

@securityguy23

Thinking "How Can I Help You?" instead of "How Can I Make Money Off of You?" is quite simply the difference between being a "Service" focused professional vs. just a "Sales" guy. . .

Saturday, October 10, 2015

@securityguy23:

Back from executing a HIPAA Assessment in Tampa Bay -- returning to regularly scheduled programming, already in progress. . .

Thursday, October 8, 2015

@christoperj:

One Down. . . #RedOctober #NeverEverGiveup

@christoperj:

Wondering why the FS1 announcers seem to be focused on just trading stories vs. calling the play by play for the game they're broadcasting. . .

Monday, October 5, 2015

@securityguy23:

Apparently some enterprising lawyers are making some money based on the email I received earlier -- Guess I'll be getting a check for a few bucks and change next year. . .

NOTICE OF PENDING CLASS ACTION AND NOTICE OF PROPOSED SETTLEMENT
PERKINS V. LINKEDIN CORP.

You are receiving this e-mail because you may have used LinkedIn's Add Connections feature between September 17, 2011 and October 31, 2014.
A federal court authorized this Notice. This is not a solicitation from a lawyer.

Why did I get this notice? This Notice relates to a proposed settlement ("Settlement") of a class action lawsuit ("Action") against LinkedIn Corporation ("LinkedIn") based on LinkedIn's alleged improper use of a service called "Add Connections" to grow its member base.

What is the Action about? The Action challenges LinkedIn's use of a service called Add Connections to grow its member base. Add Connections allows LinkedIn members to import contacts from their external email accounts and email connection invitations to one or more of those contacts inviting them to connect on LinkedIn. If a connection invitation is not accepted within a certain period of time, up to two "reminder emails" are sent reminding the recipient that the connection invitation is pending. The Court found that members consented to importing their contacts and sending the connection invitation, but did not find that members consented to LinkedIn sending the two reminder emails. The Plaintiffs contend that LinkedIn members did not consent to the use of their names and likenesses in those reminder emails. LinkedIn denies these allegations and any and all wrongdoing or liability. No court or other entity has made a judgment or other determination of any liability.

What relief does the Settlement provide? LinkedIn has revised disclosures, clarifying that up to two reminders are sent for each connection invitation so members can make fully-informed decisions before sending a connection invitation. In addition, by the end of 2015, LinkedIn will implement new functionality allowing members to stop reminders from being sent by canceling the connection invitation. LinkedIn has also agreed to pay $13 million into a fund that can be used, in part, to make payments to members of the Settlement Class who file approved claims. Attorneys representing the Settlement Class will petition the Court for payment of the following from the fund: (1) reasonable attorneys' fees, expenses, and costs up to a maximum of $3,250,000, and (2) service awards for the Plaintiffs up to a maximum of $1,500 each. The payment amount for members of the Settlement Class who file approved claims will be calculated on a pro rata basis, which means that it will depend on the total number of approved claims. If the number of approved claims results in a payment amount of less than $10, LinkedIn will pay an additional amount up to $750,000 into the fund. If the pro rata amount is so small that it cannot be distributed in a way that is economically feasible, payments will be made, instead, to Cy Pres Recipients selected by the Parties and approved by the Court. No one knows in advance whether or in what amount payments will be made to claimants.

Good times

@securityguy23:

Back from vacation -- returning to regularly scheduled programming, already in progress. . .

Sunday, October 4, 2015

@christoperj:

Oh crap -- now we get Toronto?!? #RedOctober #NeverEverQuit

@christoperj:

162 games and only one really mattered. . . wow. . . #RedOctober #NeverEverQuit

@christoperj:

Really would like to think a 7 run lead would be enough. . . #RedOctober #NeverEverQuit

Saturday, October 3, 2015

@christoperj:

Lets go Diamondbacks. . . #NeverEverQuit #RedOctober

@christoperj:

Wow. Just wow. On to Game 162. . .

@christoperj:

Lets Go Rangers #RedOctober #NeverEverQuit

Wednesday, September 30, 2015

@christoperj:

Amazing to me that in a season of 162 games, how things always seem to come down to games 159, 160, 161, 162 -- and sometimes 163. . . #RedOctober

Monday, September 28, 2015

@christoperj:

Really wonder why Facebook just doesn't filter the crap hoaxes that were written about them -- especially when they're clearly designed to just make the reposter look foolish by playing on their fears and distrust and whatnot. . .

Sunday, September 27, 2015

Saturday, September 19, 2015

@christoperj:

"But now and then there are Saturdays. Big temporal tipping points when anything's possible. . ."

Dakotah with a Sonic Screwdriver

Friday, September 18, 2015

@christoperj:

Whatever one may think about the state of healthcare -- When standard tests cost a mere $43 bucks simply because that's what (and only what) the insurance company pays, but if I wasn't covered -- the doctor would instead be coming after me for a full $450. That's a real problem deserving of a real solution.

List cost is list cost. And I'm sure this varies depending on provider and insurance company relationship. Is what it is. No dispute there.

But it sure seems misguided at best to expect somebody who is having difficulty finding insurance (let alone paying for it) to be able to pay a 1000% markup for anything (routine preventive care or not).

And if the provider is able to offer such significant discounts to the vast majority of their patients who do have decent coverage -- and still maintain a profitable business (which they clearly can since most people pay the deeply discounted rates), then surely they can afford to do the same to those who don't.

Es no bueno.

Tuesday, September 15, 2015

@christoperj:

Wow, Rangers are in First Place -- #NeverEverQuit

@securityguy23:

Back from giving a HIPAA Assessment presentation in Green Bay -- Returning to regularly scheduled programming, already in progress. . .

Saturday, September 12, 2015

@securityguy23:

Back from executing a HIPAA Assessment in Arkansas -- Returning to regularly scheduled programming, already in progress. . .

Friday, September 11, 2015

Saturday, August 29, 2015

Friday, August 28, 2015

Now Hexaconta-Certified with GCPM Goodness. . .

From the SANS Global Information Assurance Certification (GIAC) on August 28th, 2015:

Christopher J. Marcinko -- GIAC Certified Project Manager (GCPM)
"GIAC presents this certification to Christopher J. Marcinko who has met the necessary requirements and demonstrated a mastery of the subject matter and security skills to earn the GIAC Certified Project Manager - GCPM."

Christopher J. Marcinko @ AcclaimDate of Certification:
August 28th, 2015

Expiration Date:
August 31st, 2019

Certificate Number:
411

Apparently Today, @UPS "Signature Required" Instead Means "Driver Can Forge My Signature and Just Dump the Package at the Door". . . (Good to Know)

Update3 -- 4PM
Still waiting for a copy of the 'forged signature' that was supposed to be automatically processed within 90 minutes

Curiosity now more than anything. . .

Update2 -- 12 Noon
Brennon quickly called back explaining that he talked to the driver -- and the driver man'ed up and admitted forging my signature since they were up against the clock for pending deliveries.

To his credit again, Brennon apologized again and noted that the behavior was not acceptable and it will be addressed internally. I'm good with that.

Also impressed at the speed of resolution. Not clear it's enough to trust UPS for anything critical. But at least they owned the issue.

That's something I guess.

Update1 -- 11:45A
Received a quick call from Brennon at the local UPS station to discuss the situation. The full background from the UPS Customer Service Center was not conveyed (grr). Explained that the package was delivered, but that I'm very bothered that the driver clearly forged my signature for the sake of making a quick delivery vs. spending the 2 minutes to knock and do the handoff. Also asked if the signature was made on a UPS internal contractual document (since it's being used to confirm execution of a service) and he confirmed it was.

On a personal thought -- I can't imagine what would happen if I signed one of my customer's names claiming that they had agreed something had happened -- when it really didn't. Really don't think it would end up well for me though.

To his credit, Brennon apologized, accepted ownership of the issue, said that he would investigate further and would call me back once he had info on what happened.

Original Post -- 11:20A
Had a customer ship a rather expensive piece of equipment to me Next-Day overnight. This package was being shipped to the house, one that faces a busy street. But most importantly -- this package was mission critical valuable requiring spot-on tracking maintaining chain of custody every step of the way. This required assurance, with zero doubt, that it was safely in my possession at the end of the day.

So it was specifically shipped with "Signature Required" with a declared value of $2,100

Also put a big sign on the door asking the UPS Driver to knock. The thought being that if didn't hear the driver, my wife and/or my three dogs would.
Clearly and at eye level
Clearly and at eye level

So 10:30a rolls around and I realize that the package hadn't yet been delivered. I went outside to look for a "delivery attempt" made sticker and instead found both the "Signature Required" box (and an unrelated ground package) just sitting in front of my door.
Sigh - packages dumped without any attempt to get my signature. The "Signature Required" package is under the unrelated ground package

Perplexed, I look online to confirm that the package was shipped "Signature Required" -- and it was. Tracking information also says that it was left at the "Front Desk" @ 10:22a. Interesting trick since this is my house and there is no such front desk. Online tracking also shows that somebody named "MARKINKO" signed for it. Also interesting as no such thing happened.
Huh
Huh
No it wasn't
No it wasn't
When is "proof of delivery" actually proof of nothing?

Reached out to the UPS Customer Service Center Help Desk to voice my concern. They took the complaint and promised to forward it to the local station. I asked if a digital signature was provided during delivery on the internal UPS contract documentation -- and they said one had, but it was "illegible". So I gather the driver forged a signature to make the quick delivery. Dumping a package is one thing -- that's nothing new. Forging a customer signature on a UPS Contract document to claim something that happened when it didn't -- well, horse of a different color stuff there

I'm to receive both a call from the local station and a copy of the forged signature. We'll see.

Been here for 11 years. Have had problems here and there with packages being dumped without ringing the doorbell and leaving packages in puddles (and the bushes). Neither happens all the time. But it does.

Never ever had a driver forge my signature just so they could claim a delivery was made

Not good times
Chat with UPS Customer Service Center
1_upschatbegin.jpg
2_upsnextnextnextnext.jpg
3_upsnextnextnext.jpg
4_upsnextnext.jpg
5_upschatnextend.jpg
6_upschatend.jpg

Thursday, August 27, 2015

Wednesday, August 26, 2015

@christoperj:

Way too many troubled people in this world. . .

Monday, August 24, 2015

@securityguy23:

Back from executing a HIPAA Assessment in Austin -- returning to regularly scheduled programming, already in progress. . .

Wednesday, August 12, 2015

@securityguy23:

Finished teaching the final session of twice weekly SSCP Live OnLine Class -- returning to regularly scheduled programming, already in progress. . .

Students -- Good Luck on the Exam!

@securityguy23:

Spoil the customer with service, and they'll always come back. . .

Sunday, August 9, 2015

Tuesday, August 4, 2015

@christoperj:

If you're a telemarketer and you don't like me reading the negative BBB and Yelp reviews back to you when trying to sell me something -- you really should not call me in the first place. . .

(That and I'm on the Do Not Call list)

Just a thought

Monday, August 3, 2015

@securityguy23:

Back from vacation, returning to regularly scheduled programming -- already in progress. . .

Saturday, July 25, 2015

@securityguy23:

Back from executing a HIPAA Security Risk Assessment in Tampa Bay -- returning to regularly scheduled programming, already in progress. . .

Thursday, July 16, 2015

@securityguy23:

Back from executing a security assessment in Irving -- returning to regularly scheduled programming, already in progress. . .

Tuesday, July 14, 2015

@christoperj:

Well done NASA @NASANewHorizons

@christoperj:

9 years and 3 billion miles later, holding my breath @NASANewHorizons

Saturday, July 11, 2015

@securityguy23:

Closing out Year 4 of the SHI Experience, now starting Year 5. . .

Friday, July 10, 2015

Now Nonapentaconta-Certified with GSSP-.NET Goodness. . .

From the SANS Global Information Assurance Certification (GIAC) on July 10th, 2015:

Christopher J. Marcinko -- GIAC Secure Software Programmer-.NET (GSSP-.NET)
"GIAC presents this certification to Christopher J. Marcinko who has met the necessary requirements and demonstrated a mastery of the subject matter and security skills to earn the GIAC Secure Software Programmer-.NET - GSSP-.NET."

Christopher J. Marcinko @ AcclaimDate of Certification:
July 10th, 2015

Expiration Date:
July 31st, 2019

Certificate Number:
440

Sunday, June 21, 2015

@securityguy23:

Back from SANSFire 2015 -- returning to regularly scheduled programming, already in progress. . .

Marcinko SANSFire 2015

Monday, June 15, 2015

@christoperj:

Holy crackers, Transformers Age of Extinction is bad. . .

Saturday, June 13, 2015

@securityguy23:

Back from executing a HIPAA Assessment in Green Bay -- returning to regularly scheduled programming, already in progress. . .

Saturday, May 30, 2015

@securityguy23:

Back from team meetings in New Jersey -- returning to regularly scheduled programming, already in progress. . .

Monday, May 25, 2015

Thursday, May 21, 2015

@securityguy23:

Back from executing a security assessment in Philadelphia -- returning to regularly scheduled programming, already in progress. . .

Friday, May 8, 2015

Now Octapentaconta-Certified with GLEG Goodness. . .

From the SANS Global Information Assurance Certification (GIAC) on May 8th, 2015:

Christopher J. Marcinko -- GIAC Law of Data Security & Investigations (GLEG)
"GIAC presents this certification to Christopher J. Marcinko who has met the necessary requirements and demonstrated a mastery of the subject matter and security skills to earn the GIAC Law of Data Security & Investigations - GLEG."

Christopher J. Marcinko @ AcclaimDate of Certification:
May 8th, 2015

Expiration Date:
May 31st, 2019

Certificate Number:
657

Thursday, May 7, 2015

@christoperj:

Awesome. Lightning strikes a fracking well 3 miles SW of Fort Marcinko. Burns for an hour or so. Now explodes.

Es No Bueno

Wednesday, May 6, 2015

Sunday, May 3, 2015

@securityguy23:

Back from Interop and Sophos Partner Connections in Las Vegas -- returning to regularly scheduled programming, already in progress. . .

Sunday, April 26, 2015

@christoperj:

Ahh, springtime in Texas. . .

Saturday, April 25, 2015

@securityguy23:

Back from executing a HIPAA Assessment in Tampa -- returning to regularly scheduled programming, already in progress. . .

Friday, April 10, 2015

Now Heptapentaconta-Certified with GSSP-JAVA Goodness. . .

From the SANS Global Information Assurance Certification (GIAC) on April 10th, 2015:

GIAC Secure Software Programmer-Java (GSSP-JAVA)
"GIAC presents this certification to Christopher J. Marcinko who has met the necessary requirements and demonstrated a mastery of the subject matter and security skills to earn the GIAC Secure Software Programmer-Java - GSSP-JAVA."

Christopher J. Marcinko @ AcclaimDate of Certification:
April 10th, 2015

Expiration Date:
April 30th, 2019

Certificate Number:
1472

Wednesday, April 1, 2015

Apparently @Verizon Can Record Telemarketing Calls, But Also Has An Official Policy to Disconnect the Call If I Ask to Do The Same. . . (Who Knew?)

Just got a call from a Verizon telemarketer @ 516-570-9227 looking to sell me something. They first say they are recording the call for "quality purposes". Very standard stuff.

But when I ask to do the same on my end -- the sales agent then tried to end the call stating "It's "Verizon's policy to immediately disconnect the call" and proceeded to thank me for my time.

(Um What?)

I asked her to confirm -- She did.

I asked her if she saw the irony in that Verizon is recording the call to hold me to a sale, but refusing to allow me to record the call to hold them to their sales pitch -- She repeated the "Verizon's policy to immediately disconnect. . ." line after a few seconds pause.

I giggled, thanked her, and explained that I understood that, but asked again from "one person to another" if she saw the irony of what she was saying -- She repeated the "Verizon's policy to immediately disconnect. . ." line after a few more seconds pause.

I thanked her again, and asked to speak to a supervisor -- She (after a few more seconds pause) said that a supervisor would tell me the same think that it was "Verizon's policy to immediately disconnect. . ."

I explained that I understood that, but I also recognized that there was probably somebody listening given the pauses and that I would still like to speak to a supervisor -- She said (after another pause) that there was no supervisor available and that it was "Verizon's policy to immediately disconnect. . ."

I then gave up, and she proceeded to try to "thank [me] for my time" again.

At least this is the best I remember since they refused to allow me to record the call.

Whatever the case, I'm deeply amused by the irony that Verizon's official corporate policy is apparently that they can record the call to hold me to a sale, but if I ask to record the call to hold them to what they are claiming on the call -- it's immediately game over.

None of this really matters legally since both Texas (where I'm at) and New York (where this telemarketer's phone number claims she was) are both one-party consent states. And I had permission from myself to record, so all good there. Didn't, but could have.

So my best guess is that they don't want to be held accountable for what their telemarketers are saying. And probably don't want to risk some of the PR situations that have burned Comcast and Time Warner.

But since this one Verizon representative refused to say anything beyond the official policy and refused to allow me to talk to a supervisor (which itself seems like a TCPA violation) -- guess I'll never really know for sure.

Made me laugh, though.

Good Times

Monday, March 30, 2015

Monday, March 23, 2015

@securityguy23:

Back from Check Point R77 training -- returning to regularly scheduled programming, already in in progress. . .

Friday, March 13, 2015

@securityguy23:

Back from internal team meetings in Phoenix -- returning to regularly scheduled programming, already in progress. . .

Thursday, March 12, 2015

@securityguy23:

If you don't understand "why" you're trying to do something, then the "how", "when", "what", and/or "who" doesn't really matter. . .

Friday, March 6, 2015

Now Hexapentaconta-Certified with IBM Security Access Manager for Mobile Goodness. . .

From the IBM Software Middleware Group on March 6th, 2015:

Christopher J. Marcinko -- IBM Certified Deployment Professional: Security Access Manager for Mobile v8.0
"In recognition of the commitment to achieve professional excellence, this certifies that Christopher J. Marcinko has successfully completed the program requirements as an IBM Certified Development Professional -- Security Access Manager for Mobile v8.0."

Date of Certification:
March 6th, 2015

Wednesday, March 4, 2015

@securityguy23:

If you're not looking at your logs -- you have no logs. And if you have no logs -- you have no security. . .

Monday, February 23, 2015

@christoperj:

Ice, Ice, Baby. . .

@christoperj:

Back from vacation -- returning to regularly scheduled programming, already in progress. . .

Friday, February 6, 2015

@securityguy23:

Back from an ISC2 Train the Trainer event in San Francisco -- returning to regularly scheduled programming, already in progress. . .

Friday, January 23, 2015

@securityguy23:

Back from helping execute a vulnerability assessment in Corpus Christi, team meetings in Austin, and customer meetings in Dallas -- returning to regularly scheduled programming, already in progress. . .

Saturday, January 17, 2015

@securityguy23:

Back from architecting a risk management program focused on HIPAA and the SANS20 in Wisconsin -- returning to regularly scheduled programming already in progress. . .

Friday, January 9, 2015

Now Pentapentaconta-Certified with STS-Symantec Technical Foundations: Security Solutions 2.0 Goodness. . .

From the Symantec Technical Accreditation Program on January 9th, 2015:

Christopher J. Marcinko -- Symantec Technical Foundations: Security Solutions 2.0
Designation:
Symantec Technical Foundations: Security Solutions v2.0

Date of Certification:
January 9th, 2015

Tuesday, January 6, 2015

@christoperj:

Saddened by the untimely death of Christopher Allen Bratton -- a trusted security peer and a friend. . .

Thursday, January 1, 2015

@christoperj:

We'll take a cup of kindness yet. . .