Category Archives: Blog

Linksys Velop, Day 36

It’s been over five weeks since I installed our Linksys Velop 3 node WiFi mesh system.  Despite the somewhat rocky start, WiFi performance in our two-story mid-century home has been fantastic. We moved the main upstairs living room TV to the Velop last week, and like everything else in our home, it has performed flawlessly.

We have not had to reconfigure, reset, restart, or change anything, anywhere, since day 1.

We have only a couple of devices left to move over to the Velop system, at which point our old WiFi system will sit unused for another few weeks before we power it down and eventually remove or repurpose it.

Contributors to CISM Exam Guide

My latest book, CISM [Certified Information Security Manager] Exam Guide – published by McGraw-Hill, was released a couple of weeks ago. I need to give a much-deserved shout-out to several individuals who were instrumental in getting this book written and completed.

  • Carole Jelen – my literary agent. If you want to write a tech book, or if you have written tech books but don’t have an agent, look her up.
  • Wendy Rinaldi, Editorial Director for the International & Professional Group at McGraw-Hill Education, and sponsoring editor for this book. She performed executive oversight for the entire authoring, editing, and production process.
  • Claire Yee, Acquisition Coordinator, who managed the project from week to week.
  • Jody MacKenzie, Editorial Supervisor, who managed the editing process.
  • Vivek Khandelwal of Macmillan Publishing Services, Ltd., who managed the entire copy editing process.
  • Kim Wimpsett, Copy Editor, who made sure that spelling, grammar, and tone were correct and consistent.
  • Richard Camp, Proofreader, who ensured that copy editing was done correctly.
  • Jack Lewis, Indexer, who produced the index for the book.
  • James Kussow, Production Supervisor.
  • Jeff Weeks, Art Director, who oversaw the creation of the draft and final cover art.
  • Jay Burke, Tech Reviewer and a former colleague of mine, who served as my right-hand man and subject matter expert in all things related to information security management. At my request, Jay wrote many examples, and generally made sure that everything in the book was correct, complete, and made sense.

There are many more at McGraw-Hill and elsewhere whose attention to quality has resulted in a high-quality book that will help aspiring information security managers learn more about the profession and earn their Certified Information Security Manager (CISM) certification.

Linksys Velop: Day 2

Pretty uneventful really. No problems since Day 1. Macbooks, iPhones, television are all working well.

Main Velop unit in upstairs hallway. Note temporary black Ethernet patch cord connection.

Velop LEDs are still red. I did a “send feedback” on the mobile app but don’t really expect an answer. I will do an online chat some time this week.

The dashboard is happy. Last night I inventoried the devices connecting to the Velop system and identified all of them. Our guests have a couple of devices I can’t identify; I think one is an X-Box and the other might be an Android phone. Both show up as “network devices.”

I successfully got live views from the Ring doorbell that I logically moved over to the Velop. This is highly important to us, so I’ll be keeping a close eye on it.  We have a second Ring doorbell that is still on the old Linksys repeater that I’ll swing over later this week if the first Ring unit remains happy.

Front door view from Ring

Linksys Velop: Day 1

WiFi in our mid-century split level home has never been pleasant. Built with heavier framing and flooring materials than are used today, compounded by a massive brick chimney that acts like a blockade across the middle of the home, WiFi signals have a hard time getting around.

We are Xfinity broadband customers, and the service has been highly reliable. We have used a mid-grade Linksys access point on 2.4 and 5 GHz, with Linksys repeaters at each end of the home to get signal into the entire home. All these are on the main level; downstairs suffers a bit but it’s not too bad.

I have a detached home office out back, connected by a hard Ethernet line and an Apple Airport Time Capsule for WiFi and backing up my three Mac computers.

Back to the main house. The real problem with WiFi was that we have to connect to different access points depending on where we are in the house.  WiFi signals overlap, so often we’d be on one access point with a really weak signal and poor throughput, and would have to manually reconnect to a closer access point for better performance.  I was growing weary of this.

I’ve been reading reviews (such as this one, and another from PC Magazine) of Grid WiFi systems for months, and put my money down on a Linksys Velop system.

I unboxed the system yesterday and started to set it up. I put the first one in the upstairs hallway on a table, where I could run an Ethernet connection back to the Xfinity modem and where there was power nearby. I downloaded the mobile app (which you must use for setup).

I ran into what is apparently a bug in the setup program, the access points, or both. The Linksys unit should have received a DHCP address from the Xfinity modem, but it didn’t know that it did, and it complained that it did not have an Internet connection.  I struggled with this for over an hour. I finally assigned a fixed IP address to the first Velop unit, and confirmed on the Xfinity modem that it was indeed connected.  However, the Velop unit bitterly complained that there was no Internet connection. Frustrated, I finally decided I was going to ignore this for the moment and proceed with configuration of the Velop unit anyway. I configured the SSID, guest wireless, and other settings. The mobile app was really great for this, and made it really easy.

So here was the surprise. After setting up the first Velop unit, its LED glowing bright red, meaning, no internet connection.  But I thought, what the heck, and I connected to it anyway. I went to my favorite speed test site,, and voila, I was in fact connected to the internet and was getting great throughput (82Mbit/s on my 80Mbit/s service).  The Velop unit’s red LED says one thing, although the mobile app did say everything was fine.

I proceeded to set up the other two Velop units. The mobile app guided me through this and it was a breeze. Each unit took just 5-10 minutes, including downloading the latest firmware updates automatically.

The LED unit on each unit glows bright red, but the system is working pretty well.

I configured two of my Macbook Pros to use the new WiFi, as well as my iPhone. My wife reconfigured the master bedroom television to use the new system as well.  Our downstairs guests are using the guest access, and they told us that it seemed faster than what they were using before.

Our Ring doorbell does not seem to like the Velop unit. But to be fair, I probably should have reconfigured the Ring in the location where it is used. For now, we can’t get a live view but it does send alerts. I will try again tomorrow.

McGraw-Hill and Peter H Gregory Partner to Publish CISM Study Guide

Peter H. Gregory


Seattle, WA – March 12, 2018 – Author Peter H. Gregory has announced that his latest book, “CISM Certified Information Security Manager All-In-One Exam Guide,” has just been published. The book will be available in paperback and electronic editions worldwide.

Peter H Gregory is a well-known author of books on many topics in information security, including certification study guides for CISSP, CISA, and CISM. He has authored over forty books in the past twenty years, beginning with “Solaris Security,” which he wrote in 1998-1999 in the midst of the dot-com boom when most servers on the Internet were powered by the Solaris operating system from Sun Microsystems, and when internet security was just becoming a concern.

“We’re pleased to have partnered with best-selling author Peter Gregory to create CISM All-in-One to support senior cybersecurity professionals who want to achieve this gold standard certification,” cites Wendy Rinaldi, Editorial Director for the International & Professional Group at McGraw-Hill Education. “The breadth of knowledge and experience needed to become a CISM is enormous, and our All-in-One series provides a complete study solution as well as reference for after the exam.”

Gregory has long been passionate about helping aspiring security professionals break into the information security profession. For eight years he was the lead instructor for the University of Washington professional and continuing education in a nine-month course on cyber security, helping mid-career IT professionals pivot into security careers.

“The fact that McGraw-Hill agreed to publish this book on the CISM certification is a testament to the prestige of this certification that was first released in 2002,” cites Gregory. “There is a critical shortage of program-level security professionals, and the CISM certification is the best mainstream certification on security management available today.” To date, over 30,000 professionals have earned the CISM, according to ISACA, the organization that manages CISM and other certifications.

About McGraw-Hill Education

McGraw-Hill Education is a learning science company that delivers personalized learning experiences that help students, parents, educators and professionals drive results. McGraw-Hill Education has offices across North America, India, China, Europe, the Middle East and South America, and makes its learning solutions available in more than 60 languages. Visit us at or find us on Facebook or Twitter.

About Peter H Gregory

Peter H Gregory is a career information security and technology professional who is an executive advisor and virtual CISO for clients in North America. He is the author of over forty books on information security and emerging technology. Visit him at

For interviews with Peter H Gregory, please contact at:

# # #

You are free to disseminate this news story. We request that you reference Peter H Gregory and McGraw-Hill and include our web addresses, and


Information Security and Business Continuity Planning Share Common Ground

An analysis of threats that are considered in most risk assessments should prompt the reader to think of natural and man-made disasters that, when they occur, invokes business contingency plans to assure continuity of critical services. It is not an accident that information security and business continuity planning have a lot in common.  Risk assessments are often designed to amply serve both efforts. Indeed, one may argue that business continuity planning is just a branch of information security – the common objective for both is the protection and availability of critical assets and functions.

— Excerpt from CISM All-In-One Study Guide

Leaving the Comfort Zone

travel destinations

Jumping out of one’s comfort zone

Early in my career, I had seemingly regular opportunities to learn new skills and technologies. It was interesting, for sure, and sometimes challenging, but rarely in ways that I would consider the least bit scary or risky.  It was just plain fun.

Several years into my career, I found that my learning curve was steepening. I was apparently seen to have some good skills, and the small company that employed me seemed fit to thrust me into new situations with little supervision. This included teaching computing classes to county commissioners, being responsible for obtaining computers half a world away for international conferences (in the 1980s this was no mean feat), being asked to attend client executive business meetings to explain the software that my company had provided – or explaining yesterday’s outage.

Then came public speaking. My first real speaking gig was in 1988 where a colleague and I were presenting to a large audience. Before PowerPoint, producing slides for a presentation was difficult. You PowerPoint weanies have it way too easy.

That first speaking gig was a disaster. A real train wreck. I was beyond nervous. I’m sure it showed. But at least I knew it was a clear fail. And I was determined to not let that happen again.

As luck would have it, just weeks later a friend of mine mentioned his local Toastmasters club. I had heard of Toastmasters, and feeling the sting of my recent public speaking failure, I jumped at the chance.

The next year at Toastmasters was hard work. I had terrible bad habits and no good ones. My club consisted of really seasoned speakers, including local city officials and business owners. Really senior guys. Safe and friendly. But full of criticism, of the constructive kind.

I was nervous in all of my Toastmaster speeches. I was really terrible but desperately wanted to improve. I had a glimpse of my career’s future where I would be speaking before audiences again, but I was determined to never fail like that again.

A few short years later, I was asked to teach Unix concepts and skills to co-workers in semi formal classroom settings. I prepared and was less nervous. I did okay.

A few years after that, I was invited to speak at a global user conference on the business benefits of some software products. I did this two years in a row, and even recorded promotional testimonial videos for the company. I’m not sure whether they were ever used, though.

A couple of years later, opportunities to speak at conferences began. First it was once a year, then twice a year. These were great learning opportunities. Generally I did well, and slowly accumulated experience and added skills. I felt like I was going places. Not big places, but places nonetheless.

Last year I had the opportunity to keynote a regional security conference. I had the freedom to select my speaking topic, at least. But this was the first time I was formally introduced to a big stage before hundreds. Moreover, this was in my city, where probably half the audience knew me by first name.

No pressure.


My animation acted up a bit, but I delivered.

FullSizeRender.jpgEight weeks later, I had another keynote opportunity to an even larger audience, around 800. Yes I was nervous. But I delivered fairly well. This was the first time I had “comfort monitors” (the big monitors down in front that I could look at, as opposed to turning around to look at the big screens behind me.

Wait, isn’t this supposed to be about my comfort zone?  Well yes, it has been all along.

Virtually all of my speaking gigs take me out of my comfort zone. Some, a little; others, quite a bit.

Two weeks ago, my boss’s boss called me up and asked if I would be interested in a speaking gig in Ottawa.  I told him, sure, sign me up.

Then we hung up. And I thought about it. And I realized, I don’t even know what I’ll be speaking about, to whom, or in what context. That was okay.

Yes it was okay.  Given the perspective of many years now, I realize that I thrive at the very edge, and often beyond, the boundaries of my comfort zone.

Public speaking is not the only context where I do this. In fact, every day when I’m asked to talk with a client, partner, or colleague, I almost never know what the conversation is going to be about. I might be praised in one conversation, bitched out in another, and asked my opinion in another.

So what am I getting at here?  Please be patient, I’m getting to it. This is not a rehearsed piece, but written stream of consciousness, much like an impromtu talk. Other than mis-spellings in mid-sentence, I’m not editing this.  These are my thoughts. Peter H Gregory unplugged.

For me this has been a great ride, the past few decades. I never know what’s around the corner. And that’s okay.

Those who know me know that I talk in metaphors a lot. Maybe too much. I liken my public speaking to bungee jumping. A few moments of terror, but what a ride. Only in my case, the chances of imminent death are remote. Embarrassment, or humiliation with no way out?  Absolutely. In any of my talks, whether keynote, small session, executive briefing, or a university class, I could blow it at any time and be a bufoon or worse.

It hasn’t happened since that first conference, many many years ago.

And it keeps happening. Today at 3:30pm I found out that I to give an executive briefing to a group of colleagues I’ve never met in person, tomorrow morning. Do I know exactly what I’m going to be talking about?  Somewhat.  Am I nervous?  Yes, somewhat.  Will it be okay?  Probably.

In high tech, if you want to grow, you’ve got to live on the edge of your comfort zone. Or near the edge anyway. Close enough so that you can see over the edge and see what potential failure looks like. Or gaze upward toward the brilliant blue sky and see what potential success looks like.

It’s worth it.