Thesis on Social Engineering

I have gone a long time without publishing this work. Here is my Master's thesis on Social Engineering. The human being has always been the weak point of every company. Only with training and updates on attack methods will we be able to overcome these challenges.

Social Engineering and Information Awareness

Posted in IT Basics.

Security Certifications


Almost 2 years ago I took the CISSP. I have to admit I have no test-taking abilities, and the proctor staring at me for 6 hours killed me. I failed with a 685. This was a very tragic moment in my life; knowing that the pass rate is 70%, I felt like the stupidest person in the world. After a couple of weeks of “in the fuck it” mode I decided to do something about it. That is when I started my Master's in Information Assurance. I work for the Federal Government, and for some reason you could have all the experience in the world, but if you do not have a cert or credentials to back it up, you do not get the job.

So here I am, a couple of years later, at it again. The reason I did not take it again quickly was the 500 dollars lost. I wanted to make sure I would not fail again. Now I want to review and help other people review for the exam.

This blog, for now, is about the CISSP, but first I want to talk about other credentials in the market and their standing from my very personal point of view.


Posted in Certifications, CISSP.

Cable & Media Types Standards

Cables, cables and more cables


Posted in IT Basics.

TCP/IP IP Model 2

The peculiar thing about this image of the TCP/IP model is its layout. It is organized in such a way as to help you understand TCP/IP and how it works. Combining this knowledge will help you build an understanding for the CISSP exam.


Posted in IT Basics.

10 Common Body of Knowledge, By Shon Harris


Applications and Systems Development Security

This domain examines the security components within operating systems and applications and how to best develop and measure their effectiveness. This domain looks at software life cycles, change control, and application security. Some of the other topics covered include:

• Data warehousing and data mining
• Various development practices and their risks
• System storage and processing components
• Malicious code


Posted in CISSP.


SSL is a secure protocol used for transmitting private information over the Internet. It works by using a public key to encrypt data that is transferred over the SSL connection. SSL provides data encryption, server authentication, message integrity, and optional client authentication.

TLS is the upgrade to SSL; it resides on the application layer and can secure other protocols/applications, such as SMTP, IMAP, POP3, and HTTP.

SET (Secure Electronic Transaction) is a protocol originated by VISA and MasterCard as an Internet credit card protocol using digital signatures. It makes use of an electronic wallet on a customer’s PC and sends encrypted credit card information to the merchant’s Web server, which digitally signs it and sends it on to its processing bank. It is comprised of three different pieces of software, running on the customer’s PC (an electronic wallet), on the merchant’s Web server and on the payment server of the merchant’s bank. The credit card information is sent by the customer to the merchant’s Web server, but the server does not open it and instead digitally signs it and sends it to its bank’s payment server for processing.


Posted in IT Basics.

TCP/IP Model

This model should be learned and memorized; if asked, you should not have to think about it. These links will guide you to their wikis for easy study access.


Posted in IT Basics.

OSI Reference Model Layer Summary

The Open System Interconnection Reference Model is something that should be completely learned and memorized. Pretty much just read the chart a couple of times and try to learn it so that when you are asked you can have a quick response.


Posted in CISSP.

CompTIA A+ (Spanish)


CompTIA A+ 220-702 Objectives. The CompTIA A+ 220-702 Objectives are subject to change without prior notice.

CompTIA A+ Practical Application (2009 Edition) Objectives, Exam Number: 220-702 #1


In order to receive the CompTIA A+ certification, a candidate must pass two exams. The first exam is CompTIA A+ Essentials, exam number 220-771. The objectives for the CompTIA A+ Essentials exam are available at www.comptia.org. The CompTIA A+ 220-702 exam, Practical Application, is the second exam required for CompTIA A+ certification candidates to complete their certification in the 2009 Edition of CompTIA A+.

The CompTIA A+ Practical Application exam measures the competencies needed by an entry-level IT professional who has hands-on experience in the lab or in the field. Successful candidates will have the skills required to install, configure, upgrade and maintain PC workstations, the Windows operating system and small office/home office networks. The successful candidate will use troubleshooting techniques and tools to effectively and efficiently resolve PC, operating system and network connectivity problems and to implement security practices. Job titles in some organizations that are descriptive of this role may be: enterprise technician, IT administrator, field service technician, PC or support technician, etc. Ideally, the CompTIA A+ Practical Application candidate has already passed the CompTIA A+ Essentials exam.


Posted in Certifications.