The original post: /r/cybersecurity by /u/ANYRUN-team on 2024-10-09 13:02:41.

Hey everyone! I’ve been thinking about the big gap between academia’s theoretical focus and the practical, immediate solutions needed in the field. Does anyone have ideas or experiences on how to bridge this gap?

The original post: /r/cybersecurity by /u/Immediate-Annual4505 on 2024-10-09 12:56:43.

For those of you who are in cloud sec engineering, how did you guys transition into it? What were some of the steps you took? I'm currently a cloud sec analyst (sole role is monitoring alerts) and want to get into the engineering side of the house. I've already taken several python and Terraform courses as well as earning the GCSA from GIAC.

In short, what was your career path and any tips for me in my current situation? Thanks!

The original post: /r/cybersecurity by /u/L015H4CK on 2024-10-09 12:27:56.

The original post: /r/cybersecurity by /u/Appropriate-Night758 on 2024-10-09 11:45:06.

Hello all, I am working as a SOC L1 analyst with 2.5 yrs of experience with a total tech experience of 4.5 yrs. I am currently looking for a job change and preparing for interviews.

I currently work on IAM, SOC using AD, Oka, Sentinel, Defender for my day to day tasks.

While preparing for interviews i came across Grace Nolan's interview prep github. There were many topics listed to study for an interview.

Is the material still relevant now, as I see that it was last updated some time ago. Seeing all the topics listed there i see that there is so much i don't know and much to learn to crack interviews. Also i am not sure how much of knowledge i should have on a specific topic like how much deeply i should know about any topic.

Please provide any tips/resources/info you have that can help me prepare for my interviews.

Thanks.

The original post: /r/cybersecurity by /u/CYRISMA_Buddy on 2024-10-09 11:05:22.

The original post: /r/cybersecurity by /u/CYRISMA_Buddy on 2024-10-09 11:03:55.

The original post: /r/cybersecurity by /u/Certain-Loquat-5668 on 2024-10-09 08:47:45.

I’m working on a new education initiative designed for the GRC community, and I’d love to get your thoughts on it before we launch. Your feedback will be incredibly valuable in shaping this project.

💡 The Idea: GRC Galactica – An Interactive GRC IQ Quiz with an Arcade Twist

The theming will be inspired by classic arcade-style games such as Space invaders, the quiz will feature 50 questions that cover everything from beginner basics to advanced GRC topics.

Highlights of the Game:

• Levels: The quiz will be divided into 4 levels – Cadet (Novice), Pilot (Intermediate), Commander (Advanced), and Veteran (Expert) – each with progressively tougher questions.
• Badges & Achievements: Players earn badges as they level up, with the ultimate goal of achieving the Veteran badge.
• Leaderboard: We’ll have a real-time leaderboard where players can see how they stack up against others in the cybersecurity community, earning bragging rights for their GRC IQ score.
• Retro Vibes: The game will have an old-school arcade aesthetic – pixelated graphics, retro sound effects, and a journey through the “Compliance Galaxy.”

Why We're Doing This:

• Filling a Gap: There’s currently no clear leader in GRC continuing education that makes learning engaging, practical, and free. Most GRC training is dry and prohibitively expensive.
• Practical Knowledge: The quiz isn't just about theoretical knowledge; we're focusing on real-world, practical applications of GRC principles to help professionals stay sharp.
• Community Involvement: We’re planning to involve senior CISOs and cybersecurity experts to contribute to and validate the quiz content, ensuring it’s relevant and up-to-date.

What We Want to Know from You:

The original post: /r/cybersecurity by /u/Any-Signature-5627 on 2024-10-09 08:13:27.

Thoughts on Island Enterprise Browser? We are considering trialing this and replacing our VPN solution however i do worry about protecting apps/traffic outside the browser.

The original post: /r/cybersecurity by /u/Zealousideal-Emu2667 on 2024-10-09 07:35:34.

What is the best Password Manager in your Company for your Opinion?

I heard good Things about Keeper.

The original post: /r/cybersecurity by /u/Wild_Bet4857 on 2024-10-09 04:29:39.

Hey guys quick and to the point: My goal is to become a security analyst. I have a computer science degree, a valid security+ certification (also google cyber security certificate but that doesn't mean much) and just recently finished the TryHackMe SOC Level 1 course. Where do you guys think I should go from here, cysa+ or blue team level 1 (or anything else). Any feedback is appreciated greatly!

The original post: /r/cybersecurity by /u/hacknewstech on 2024-10-09 03:09:51.

Original Title: As a fresher, I've received a job offer as a Technical Support Engineer at a reputable SSL certificate provider company. Should I accept it? Will I be able to transition into web security roles within 1-2 years?

Just need your advice!

The original post: /r/cybersecurity by /u/Fashion_fwd on 2024-10-09 00:54:19.

Hello InfoSec community,

I am a burnt out Sr. Threat Analyst that has been working in the SOC for the past 5 years. A little background I changed career paths into Cybersecurity 5 plus years ago and started working as a L1 analyst in a SOC as I heard that is a good starting point. I busted my butt working my way up to a L2 analyst, even have 9 months of being a SOC manager experience. I have a master's degree in cybersecurity, sec +, some vendor cloud certs, and got my CISSP earlier this year.

While it was a great learning experience working in a SOC as a threat analyst I feel like I have hit a wall. I work for a large MSSP and due to staffing shortages I have been doing mostly L1 work ( triaging alerts). I am so bored by the work and feel like I am on "auto-pilot" every day. Part of me feels like I am wasting my time as I am not learning anything new in my current position. However, I am not sure where to go from here. I've started looking for other jobs but have a bit of imposture syndrome when looking at the required skills/ years of experience in another cybersecurity domain. I can't help but feel like I am stuck in the SOC as that is where my experience lays.

Has anyone successfully transitioned from working as a threat analyst in the SOC into another area of cybersecurity?

Any advice would be greatly appreciated!

The original post: /r/cybersecurity by /u/zoro_roronoa-01 on 2024-10-08 22:46:41.

I am for city where cybersecurity is not that popular. And I am a beginner in the cybersecurity. I am so confused about my career about Cybersecurity (Offensive Security or Pentest). I don't have source to learn the advance things about it. Like how to get in someone system? And how they know which file is where? How they know which file is important (like name of file searching for)? And what tools should used in required situation?

I need help to understand how can I get into offensive security. So I want help and guidance so how can I get.

The original post: /r/cybersecurity by /u/Scared-Enthusiasm777 on 2024-10-08 21:46:03.

As I continue my degree path, I decided to spend my electives on learning a foreign language.

At first the obvious choice was Spanish, being a US citizen and all, but I am hoping to travel in the future with my work, preferable to Europe/Eastern Europe.

So now I am considering German, Polish, or Ukrainian.

I don't feel too uncomfortable with German, but I feel as a native English speaker that Slavic languages are a lot harder than other options available.

What language would have the most benefit in the field if I have aspirations to work internationally?

The original post: /r/cybersecurity by /u/sasko12 on 2024-10-08 21:27:20.

The original post: /r/cybersecurity by /u/CompSciGeekMe on 2024-10-08 20:51:11.

Here is a link to it: https://www.cisco.com/site/us/en/learn/training-certifications/certifications/ethical-hacker/index.html

Please feel free to share your thoughts

The original post: /r/cybersecurity by /u/LibrarianLiving7571 on 2024-10-09 04:38:25.

How can I get into LLM and genAI security domain? Is there any solid courses which teach this? Like pen tester path in HTB CPTS? I have gone through the OWASP for LLM.

The original post: /r/cybersecurity by /u/Humble-Breakfast2392 on 2024-10-09 03:38:36.

Hello, I am working for a fintech and I am looking for a way to automate the onboarding of internal users to make it fast, agile and secure. Do you know of any applications or software and I would also like to know what initiatives you have or know of for the blue/purple team?

The original post: /r/cybersecurity by /u/BeautifulBug6801 on 2024-10-09 02:25:04.

The original post: /r/cybersecurity by /u/Nearby_Maybe_2110 on 2024-10-09 01:38:41.

Hey everyone,

With AI agents popping up more in companies—especially across different teams and departments—I’ve been thinking about how we handle their security. These agents, built on large language models and hooked into various tools, have access to tons of data and can automate tasks like never before. But that also means they interact with way more systems than a regular employee might.

So, how do we keep them secure at every point?

Having worked in network and cyber security, I feel like we need to adapt our usual security measures for these AI agents. Things like authenticating and authorizing the agents themselves, logging what they do, maybe even using multi-factor authentication when they access different datasets. If their actions vary a lot, context-driven security could help too.

The goal is to use our existing security setups but apply them in new ways to these agents as they become more common and start interacting outside the company too.

What do you all think? How should we be securing AI agents in our workplaces?

The original post: /r/cybersecurity by /u/eawtcu15 on 2024-10-09 00:18:20.

So I recently accepted a position as a SOC analyst type role and wanted to see if there are any resources to prepare me. Some background on myself: been working in cyber compliance/risk management for the past 3 years as a federal contractor and just passed the CySA+ certification (in addition to Sec+). Most of my background is in governance, specifically policy development and compliance coordination. I don't have a ton of tech experience outside of basic log reviews, asset management, and CLI exposure through exams. Role is fairly vague in terms of what the actual day-to-day operations will be so want to make sure I can at least cover some bases so I'm not too lost.

The original post: /r/cybersecurity by /u/Level_Emotion_4415 on 2024-10-09 00:03:12.

The original post: /r/cybersecurity by /u/DrobnaHalota on 2024-10-08 22:34:20.

The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-10-08 21:28:28.

The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-10-08 21:03:19.