Category Archives: Blog

Linksys Velop: Day 1

WiFi in our mid-century split level home has never been pleasant. Built with heavier framing and flooring materials than are used today, compounded by a massive brick chimney that acts like a blockade across the middle of the home, WiFi signals have a hard time getting around.

We are Xfinity broadband customers, and the service has been highly reliable. We have used a mid-grade Linksys access point on 2.4 and 5 GHz, with Linksys repeaters at each end of the home to get signal into the entire home. All these are on the main level; downstairs suffers a bit but it’s not too bad.

I have a detached home office out back, connected by a hard Ethernet line and an Apple Airport Time Capsule for WiFi and backing up my three Mac computers.

Back to the main house. The real problem with WiFi was that we have to connect to different access points depending on where we are in the house.  WiFi signals overlap, so often we’d be on one access point with a really weak signal and poor throughput, and would have to manually reconnect to a closer access point for better performance.  I was growing weary of this.

I’ve been reading reviews (such as this one, and another from PC Magazine) of Grid WiFi systems for months, and put my money down on a Linksys Velop system.

I unboxed the system yesterday and started to set it up. I put the first one in the upstairs hallway on a table, where I could run an Ethernet connection back to the Xfinity modem and where there was power nearby. I downloaded the mobile app (which you must use for setup).

I ran into what is apparently a bug in the setup program, the access points, or both. The Linksys unit should have received a DHCP address from the Xfinity modem, but it didn’t know that it did, and it complained that it did not have an Internet connection.  I struggled with this for over an hour. I finally assigned a fixed IP address to the first Velop unit, and confirmed on the Xfinity modem that it was indeed connected.  However, the Velop unit bitterly complained that there was no Internet connection. Frustrated, I finally decided I was going to ignore this for the moment and proceed with configuration of the Velop unit anyway. I configured the SSID, guest wireless, and other settings. The mobile app was really great for this, and made it really easy.

So here was the surprise. After setting up the first Velop unit, its LED glowing bright red, meaning, no internet connection.  But I thought, what the heck, and I connected to it anyway. I went to my favorite speed test site,, and voila, I was in fact connected to the internet and was getting great throughput (82Mbit/s on my 80Mbit/s service).  The Velop unit’s red LED says one thing, although the mobile app did say everything was fine.

I proceeded to set up the other two Velop units. The mobile app guided me through this and it was a breeze. Each unit took just 5-10 minutes, including downloading the latest firmware updates automatically.

The LED unit on each unit glows bright red, but the system is working pretty well.

I configured two of my Macbook Pros to use the new WiFi, as well as my iPhone. My wife reconfigured the master bedroom television to use the new system as well.  Our downstairs guests are using the guest access, and they told us that it seemed faster than what they were using before.

Our Ring doorbell does not seem to like the Velop unit. But to be fair, I probably should have reconfigured the Ring in the location where it is used. For now, we can’t get a live view but it does send alerts. I will try again tomorrow.


McGraw-Hill and Peter H Gregory Partner to Publish CISM Study Guide

Peter H. Gregory


Seattle, WA – March 12, 2018 – Author Peter H. Gregory has announced that his latest book, “CISM Certified Information Security Manager All-In-One Exam Guide,” has just been published. The book will be available in paperback and electronic editions worldwide.

Peter H Gregory is a well-known author of books on many topics in information security, including certification study guides for CISSP, CISA, and CISM. He has authored over forty books in the past twenty years, beginning with “Solaris Security,” which he wrote in 1998-1999 in the midst of the dot-com boom when most servers on the Internet were powered by the Solaris operating system from Sun Microsystems, and when internet security was just becoming a concern.

“We’re pleased to have partnered with best-selling author Peter Gregory to create CISM All-in-One to support senior cybersecurity professionals who want to achieve this gold standard certification,” cites Wendy Rinaldi, Editorial Director for the International & Professional Group at McGraw-Hill Education. “The breadth of knowledge and experience needed to become a CISM is enormous, and our All-in-One series provides a complete study solution as well as reference for after the exam.”

Gregory has long been passionate about helping aspiring security professionals break into the information security profession. For eight years he was the lead instructor for the University of Washington professional and continuing education in a nine-month course on cyber security, helping mid-career IT professionals pivot into security careers.

“The fact that McGraw-Hill agreed to publish this book on the CISM certification is a testament to the prestige of this certification that was first released in 2002,” cites Gregory. “There is a critical shortage of program-level security professionals, and the CISM certification is the best mainstream certification on security management available today.” To date, over 30,000 professionals have earned the CISM, according to ISACA, the organization that manages CISM and other certifications.

About McGraw-Hill Education

McGraw-Hill Education is a learning science company that delivers personalized learning experiences that help students, parents, educators and professionals drive results. McGraw-Hill Education has offices across North America, India, China, Europe, the Middle East and South America, and makes its learning solutions available in more than 60 languages. Visit us at or find us on Facebook or Twitter.

About Peter H Gregory

Peter H Gregory is a career information security and technology professional who is an executive advisor and virtual CISO for clients in North America. He is the author of over forty books on information security and emerging technology. Visit him at

For interviews with Peter H Gregory, please contact at:

# # #

You are free to disseminate this news story. We request that you reference Peter H Gregory and McGraw-Hill and include our web addresses, and


Information Security and Business Continuity Planning Share Common Ground

An analysis of threats that are considered in most risk assessments should prompt the reader to think of natural and man-made disasters that, when they occur, invokes business contingency plans to assure continuity of critical services. It is not an accident that information security and business continuity planning have a lot in common.  Risk assessments are often designed to amply serve both efforts. Indeed, one may argue that business continuity planning is just a branch of information security – the common objective for both is the protection and availability of critical assets and functions.

— Excerpt from CISM All-In-One Study Guide


Leaving the Comfort Zone

travel destinations

Jumping out of one’s comfort zone

Early in my career, I had seemingly regular opportunities to learn new skills and technologies. It was interesting, for sure, and sometimes challenging, but rarely in ways that I would consider the least bit scary or risky.  It was just plain fun.

Several years into my career, I found that my learning curve was steepening. I was apparently seen to have some good skills, and the small company that employed me seemed fit to thrust me into new situations with little supervision. This included teaching computing classes to county commissioners, being responsible for obtaining computers half a world away for international conferences (in the 1980s this was no mean feat), being asked to attend client executive business meetings to explain the software that my company had provided – or explaining yesterday’s outage.

Then came public speaking. My first real speaking gig was in 1988 where a colleague and I were presenting to a large audience. Before PowerPoint, producing slides for a presentation was difficult. You PowerPoint weanies have it way too easy.

That first speaking gig was a disaster. A real train wreck. I was beyond nervous. I’m sure it showed. But at least I knew it was a clear fail. And I was determined to not let that happen again.

As luck would have it, just weeks later a friend of mine mentioned his local Toastmasters club. I had heard of Toastmasters, and feeling the sting of my recent public speaking failure, I jumped at the chance.

The next year at Toastmasters was hard work. I had terrible bad habits and no good ones. My club consisted of really seasoned speakers, including local city officials and business owners. Really senior guys. Safe and friendly. But full of criticism, of the constructive kind.

I was nervous in all of my Toastmaster speeches. I was really terrible but desperately wanted to improve. I had a glimpse of my career’s future where I would be speaking before audiences again, but I was determined to never fail like that again.

A few short years later, I was asked to teach Unix concepts and skills to co-workers in semi formal classroom settings. I prepared and was less nervous. I did okay.

A few years after that, I was invited to speak at a global user conference on the business benefits of some software products. I did this two years in a row, and even recorded promotional testimonial videos for the company. I’m not sure whether they were ever used, though.

A couple of years later, opportunities to speak at conferences began. First it was once a year, then twice a year. These were great learning opportunities. Generally I did well, and slowly accumulated experience and added skills. I felt like I was going places. Not big places, but places nonetheless.

Last year I had the opportunity to keynote a regional security conference. I had the freedom to select my speaking topic, at least. But this was the first time I was formally introduced to a big stage before hundreds. Moreover, this was in my city, where probably half the audience knew me by first name.

No pressure.


My animation acted up a bit, but I delivered.

FullSizeRender.jpgEight weeks later, I had another keynote opportunity to an even larger audience, around 800. Yes I was nervous. But I delivered fairly well. This was the first time I had “comfort monitors” (the big monitors down in front that I could look at, as opposed to turning around to look at the big screens behind me.

Wait, isn’t this supposed to be about my comfort zone?  Well yes, it has been all along.

Virtually all of my speaking gigs take me out of my comfort zone. Some, a little; others, quite a bit.

Two weeks ago, my boss’s boss called me up and asked if I would be interested in a speaking gig in Ottawa.  I told him, sure, sign me up.

Then we hung up. And I thought about it. And I realized, I don’t even know what I’ll be speaking about, to whom, or in what context. That was okay.

Yes it was okay.  Given the perspective of many years now, I realize that I thrive at the very edge, and often beyond, the boundaries of my comfort zone.

Public speaking is not the only context where I do this. In fact, every day when I’m asked to talk with a client, partner, or colleague, I almost never know what the conversation is going to be about. I might be praised in one conversation, bitched out in another, and asked my opinion in another.

So what am I getting at here?  Please be patient, I’m getting to it. This is not a rehearsed piece, but written stream of consciousness, much like an impromtu talk. Other than mis-spellings in mid-sentence, I’m not editing this.  These are my thoughts. Peter H Gregory unplugged.

For me this has been a great ride, the past few decades. I never know what’s around the corner. And that’s okay.

Those who know me know that I talk in metaphors a lot. Maybe too much. I liken my public speaking to bungee jumping. A few moments of terror, but what a ride. Only in my case, the chances of imminent death are remote. Embarrassment, or humiliation with no way out?  Absolutely. In any of my talks, whether keynote, small session, executive briefing, or a university class, I could blow it at any time and be a bufoon or worse.

It hasn’t happened since that first conference, many many years ago.

And it keeps happening. Today at 3:30pm I found out that I to give an executive briefing to a group of colleagues I’ve never met in person, tomorrow morning. Do I know exactly what I’m going to be talking about?  Somewhat.  Am I nervous?  Yes, somewhat.  Will it be okay?  Probably.

In high tech, if you want to grow, you’ve got to live on the edge of your comfort zone. Or near the edge anyway. Close enough so that you can see over the edge and see what potential failure looks like. Or gaze upward toward the brilliant blue sky and see what potential success looks like.

It’s worth it.


Neat Receipts Has Forgotten (or never knew) How to Earn Customer Loyalty

I’ve been a happy user of Neat Receipts for years, having purchased one of their portable scanners. It has worked pretty much  trouble free on PCs and Macs since I purchased it. But that was all about to change.

I upgraded my Mac to El Capitan a couple of months ago, and today needed to scan some diagrams that I’ll be using in an upcoming book. The Neat software did not recognize the scanner, so I went through the usual troubleshooting, including special steps on the Neat website for El Capitan users. Still, no luck.


I went to Neat’s customer support page, and found that their chat function was working (today is Saturday). I discussed the matter with the support rep, who asked me for the model of my scanner (it’s NR-030108). The rep told me that this model was no longer supported and would not work any longer. Oh great.  I asked whether there was any kind of a trade-in allowance, and he answered that there was not.

So, Neat has obsoleted my scanner.  I can get over it – it’s a part of the regular improvements in information technology. I get that. But, Neat is offering nothing in order to keep me as a customer.  There is nothing keeping me from considering other good products such as Fujitsu ScanSnap S1100i, for instance. In fact the Fujitsu is a little less expensive, it works with Mac, does everything I need, and has a slew of good online reviews.

Apparently Neat is going to just let me walk.


Assumption of Breach

A new way of thinking about security incident prevention and response, called Assumption of Breach, is leading security professionals to think differently about security incidents. Prior to assumption of breach, the popular mindset among security professionals was to prevent security breaches from occurring. With assumption of breach, security professionals adopt the mindset that one or more breaches have potentially occurred in their organizations, whether those breaches have been discovered or not.

In my opinion, this is a more realistic philosophy than prior ways of thinking. Adversaries wield advanced tools and techniques, and are often able to compromise networks with even advanced defenses. Assumption of breach also requires humility on the part of security managers and executives, who might otherwise believe that their networks are impenetrable.

– excerpt from CISSP Guide to Security Essentials, 2nd edition

For more information on the topic of Assumption of Breach: (free registration required)



It’s all about you

Clicking on used to take readers to an “About” page. Over the weekend, I’ve made a change on the site so that you’ll now see my latest posts. You can read more about me by clicking on the About link.

This aligns better with my mission, to serve my readers by helping them better understand information security and risk management. Now you’re one click closer to the information you need.