cybersecurity

The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-10-08 21:01:43.

The original post: /r/cybersecurity by /u/Own-Holiday-5741 on 2024-10-08 19:24:14.

Title says it. I’m a appsec engg and one of the biggest pains is tracking everything (such as network diagrams, threat models, scanned vuln results, etc) through a tedious ticketing system (we use Jira) and making sure we also capture info/details the right way so it’s complaint as per audits.

Is there anything else to use aside from Jira? Or any new ideas of tooling to make the tracking easier?

The original post: /r/cybersecurity by /u/honestyandhoes on 2024-10-08 19:17:53.

I'm worried because the same day I told him, my supervisor helped me finish some work he assigned me and I feel like it was because he thought I was being slow on the assignment. And I'm just stressed right now.

The hiring manager ended up saying I didn't have enough years of experience anyway but I didn't want this coming back to me if the hiring manager talked to my current one about it.

The original post: /r/cybersecurity by /u/Anoxium on 2024-10-08 18:50:13.

Hello everyone,

i was tasked at work to create a powerpoint type of thing to educate people at work about cyber security. This would include people from accounting, janitors, hr, administrative people, professors, assitents ... People with all degrees of education and knowledge. The task fell to me because i am currently going through the Google cybersecurity professional certification in my free time, and that made me the most qualified to do this. Sad, i know.

So since I need to cover basic stuff for people who barely know how to find the space key on the keyboard and for professors that teach software development, i was wondering about topics and how in depth is ok to go. It needs to be general purpose so ALL employees understand it, but also good enough to be of at least some help to everyone.

Ideas are very welcome and appreciated! What to cover, what not (due to complexity or whatever other reason). The point would be to teach people about phishing, trojans, viruses, malware, don't click on links in emails from shady sources, clean your browser cookies, don't use the same password for everything, those sort of things...

The original post: /r/cybersecurity by /u/twrolsto on 2024-10-08 18:35:12.

So,

I have a request from a project to point them at a secure, online, PDF editor that can merge/split files as well as convert pictures into PDFs

Of course they want it free (yeah, I know) oh, and, on occasion, there may be PII involved (because of course there is).

On the plus side, if there're no good free options, they'll consider paid ones so if you have any recommendations for online, secure, paid options I'll take those too.

I figure it's an exercise in futility but, just in case someone has already done the impossible....

The original post: /r/cybersecurity by /u/NISMO1968 on 2024-10-08 10:46:27.

The original post: /r/cybersecurity by /u/GSaggin on 2024-10-08 09:56:38.

The original post: /r/cybersecurity by /u/Right-Influence617 on 2024-10-08 08:36:31.

At The Cipher Brief's Threat Conference, Gen. Timothy Haugh called for ‘whole-of-nation response’ to China challenge.

The original post: /r/cybersecurity by /u/TheAfricanMason on 2024-10-08 16:49:15.

So, I've recently been contacted by a recruiter for an upcoming government contractor specializing in weapon manufacturing for an IT Security Manager position. I come from a background with sysadmin experience of 6-7ish years and multiple certs including one for PenTest+. I nailed the first round and am proceeding to the second. I received the company and CEO's names via the 2nd round interview invite. So, I immediately started digging.

I found his, wife's, and parents' socials wide open with all of their info, likes, and interests. I figured I could make the interview a bit interesting when they ask "How much do you know about the company?" I could spout off all the company info and then also start spouting super personalized details about the CEO such as favorite drink, kid's grade level, music interest, psych topic interests, and hobbies for shock value. On one hand, this could be impressive since you'd want to know where to seal this issue up and it shows I can find a bit more than just corporate vulnerabilities,but also information for spear fishing or "whaling".

On the other hand, this could also be perceived as immensely creepy and he'd not want to move forward. So, then I'm in a moral dilemma because I know this information and I could very well use it to "mirror" the executive so, he has a natural positive bias towards me. This would definitely be unethical, but that's the reality of the modern age. Most positions are selected off personality and not so much merit in the corp world.

Anyways knowing all this what is your opinion? Should I use this info for one of these methods? Should I disregard them completely? What are your opinions on using OSINT information to move up in your career?

The original post: /r/cybersecurity by /u/IamMyQuantumState on 2024-10-08 16:23:14.

I'm a mid career cybersecurity engineer with CISSP and other 2nd tier certifications. My day job is basically 100% on site and there's no opportunity for extra hours. My sisters work in nursing and can get extra hours as much as they like.

I'm trying to save money for an overseas trip so I was looking for an after hours job. It seems that there are ZERO obvious positions for evening part-time remote work / 1099 on-call jobs.

Am I looking in the wrong place? No virtual SOCs have openings for after-hours relief work.

I like the idea of tending bar, but I'd rather stay in my field.

Any advice / suggestions are appreciated.

The original post: /r/cybersecurity by /u/PastTechnician7 on 2024-10-08 15:48:02.

Hey,

Was wondering the background of people in cybersec. I know that people with accounting background tend go into systems auditing. Does anyone know of finance people moving in. I have sec+ & CCSK which I took during undergrad. Any insights?

The original post: /r/cybersecurity by /u/GroundbreakingWay178 on 2024-10-08 15:38:54.

I’m two years into my cybersecurity career and about to attend my first cybersecurity networking event. I currently work as a SOC analyst for a private company and would love advice on how to navigate the event successfully. What are some dos and don’ts to keep in mind? Also, what key topics or questions should I focus on to make meaningful connections and expand my professional network in the cybersecurity field?

The original post: /r/cybersecurity by /u/FloraTechie on 2024-10-08 15:34:42.

The original post: /r/cybersecurity by /u/Forsaken-Evidence590 on 2024-10-08 15:28:01.

Hey everyone!

Our startup has a small team of 5, and we're looking for recommendations for an ideal security setup to ensure data protection and control over device applications. Here are the key requirements:

1. DLP (Data Loss Prevention): We need a solution that allows us to monitor and prevent unauthorized data access or leaks.
2. Application Control: We want to have control over which applications users can install on their devices, and be able to track what's currently installed.

If you have experience with any security suites or specific setups that work well for a small team like ours, we'd love to hear your thoughts and recommendations! Ideally, we're looking for something that's easy to manage but provides strong protection and control.

Thanks in advance!

The original post: /r/cybersecurity by /u/Wellinst on 2024-10-08 15:18:45.

Hi, does somebody know where I can find any resources to learn cybersecurity best practices when developing web apps without going too in depth into network cybersecurity?

I want to learn what to do and what not to, if possible, with code examples.

The original post: /r/cybersecurity by /u/Lord_of_Lothric on 2024-10-08 14:58:16.

Hi folks. Looking to see if anyone has switched from a more traditional MDR package to Falcon Complete, and to see what kind of experience that was. I already have Falcon EDR, so the sensor is already deployed an all my endpoints.

For those who have made this swap, have you noticed an increase or reduction in noise, or has the service and tuning process been relatively the same? Has the managed response portion met your expectations?

In my case, I'm anticipating a savings of 25-30% of my current spend on MDR and CrowdStrike. It seems like a no brainer to me, but I wanted to see if anyone had issues with their Falcon Complete experience.

Thanks!

The original post: /r/cybersecurity by /u/rfrmdguy on 2024-10-08 14:22:59.

Recent issues with our (Insert cloud based file sharing solution to protect the innocent) shared files having their locks getting stuck has forced us to look at what could be the problem. When asked to assist in the resolution Autodesk pointed us to their helpful configuration How-To, which is just excluding all their file types. What could possibly go wrong with this request? In all seriousness, how is the answer to a file locking issue to just exclude all their file types? https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Are-there-antivirus-exclusions-I-can-implement-to-make-programs-run-better.html

The original post: /r/cybersecurity by /u/BeatClear949 on 2024-10-08 13:45:22.

In the Pearson&VUE condition page, they state that the last name of the profile must be identical to the one on two IDs.

The Profile has my last name in lower case, but my passports have it in upper case.

Will I still be able to pass the exam?

The original post: /r/cybersecurity by /u/Empty-Acanthaceae678 on 2024-10-08 13:29:19.

Dears,

I am currently working at a mid sized organization as a cybersecurity engineer, the environment is pretty chill and we're all friends, however i think the experience is really basic.

I got an offer at Ingram Micro for a presales position with a back of sales in their cybersecurity department. The base salary is 150$ less than my current salary however there is a 750$ commission each month starting 2 months from now.

However i wanna ask you should i take the move? I am looking to settle in dubai in the next year will this give me higher chance to do this move?

The original post: /r/cybersecurity by /u/CYRISMA_Buddy on 2024-10-08 13:19:53.

The original post: /r/cybersecurity by /u/InspectionHot8781 on 2024-10-08 12:53:08.

With next year’s budgets in mind, what are some of your main focuses for 2025? I've heard different opinions/approaches, but curious to hear what you are focusing on. Is there anything that seems to be getting less attention? And, most importantly, have you noticed anything negatively impacting your security posture?

The original post: /r/cybersecurity by /u/cytidel_gary on 2024-10-08 12:50:47.

The original post: /r/cybersecurity by /u/CaptainWoofOnReddit on 2024-10-08 08:48:20.

I've been unable to make a decision.

I've been looking to get into cybersecurity, and right now I have 2 options open - an "offensive security engineer" at a company, and a "tester" at a cybersec educational company. I want to get into offensive security. Thing is, the latter company probably would want an answer in 2 weeks, whereas the first company's interview (the last round) is in 3 weeks.

My job as a "tester" would be to test courses put up on their platform, which means reading through the material and suggesting edits, and then following along on interactive labs to see if the material can be reasonably followed to achieve the objectives. I would also need to "sit with the customers" in certain cases. The educational materials are both offensive and defensive security. As I progress, my role would go on to not just be a "tester", but also be a "room/challenge creator".

My question is, would I be shooting myself in the foot if I take this role? I prefer more practical/active roles, and I'm wondering if this will set my career away from it. Any advice is appreciated.

The original post: /r/cybersecurity by /u/ThrowRA781781 on 2024-10-08 07:47:22.

Does ChatGPT ever truly delete your info?

In the chat it says if I delete the account, after 30 days all the convos will be deleted from servers and in case anyone ever hacks OpenAI, they won't be accesible. But how true is that?

The original post: /r/cybersecurity by /u/Nice_Donut4328 on 2024-10-08 07:14:01.

I am working in PC vulnerabilities team. My team lead performs most of the deployment, the vulnerabilities that are not addressed through patches and deployment come to me for manual remediation (most of them are security updates and remote code executions). I remote into the user PC and solve the issue. My manager is forcing me to come up with new ideas to reduce the workload and automate the process. As a fresher I am not able to think of anything new. Please help!!