cybersecurity

The original post: /r/cybersecurity by /u/kiroxan on 2024-10-07 16:15:20.

Hello ,

I'm working on a security companion for apps that lets you chat with your application's logs/traces , i'm looking for a set of questions that may come to your minds that would either help investigate an issue or detect malicious behavior via alerting.

I will combine all the questions and make sure the tool respond to most top of mind questions first.

Thank you for your help,

The original post: /r/cybersecurity by /u/Coder_Koala on 2024-10-07 16:14:07.

Any good book for this?

The original post: /r/cybersecurity by /u/VladirMP008 on 2024-10-07 16:03:22.

Hello Everyone,

I wanted to know if anyone in here is using Vulscan and they are PCI DSS compliant. Does Vulscan has authentication scan?

The original post: /r/cybersecurity by /u/iYassr on 2024-10-07 16:02:33.

Learning by doing is the ultimate type of learning

Especially in cybersecurity space, people focus too much on certifications(Which is good) but is there something else?

Want to know how sql injection work? Just develop a simple vulnerable app and try to exploit it

Want to learn linux?

Maybe use it as your daily driver for a while Cloud? Setup a cloud account and examine it

Kubernetes? Have a cluster on your cloud account and try to deploy ready made apps

From my experience, learning by doing is more interesting and fun, what you learn sticks forever.

Understanding is also becomes way deeper,

No matter how much I read about ldap protocol, I haven’t been able to grasp it until I tried integrating with it.

Let’s say you want to deploy your own lab in the cloud or at your home:

First you need to go through networking(IPs, Layers, DNS)

Now you need to deploy an application? Go through deployments (Operating systems, apache server, ..)

Now you need to protect your app? Maybe deploy a firewall, IDS, WAF, encoding..

Now you need a secure remote access?

You’ll deploy a VPN solution This type of knowledge is instinctive,

it fuels curiosity and I think it’s more valuable in creating a solid basics that will you set you apart in your career.

While everyone is doing the same, you become different.

This doesn’t discard theory and reading and other resources, but to create an environment where you mix them both.

my 2 cents.

The original post: /r/cybersecurity by /u/mysecret52 on 2024-10-07 15:30:12.

I'm a security engineer right now (I have a total of 3 years of experience) and I found a job posting for my current company for "Linux Systems Engineer". The pay looks to be higher, and it's asking for prior programming experience, server hardening, VMware experience, and experience with containers (as well as a couple other Red Hat related items). I have created scripts in my current role and have worked with hardening systems. I also have a Red Hat certification and I'm awesome at Linux so I want to apply but I'm scared. What do you guys think?

The original post: /r/cybersecurity by /u/Finx_X on 2024-10-07 15:26:09.

Original Title: Does anyone know what will give me the best opportunity to move from the uk to the usa (for permenant residency) in the cyber security field? currently doing my A levels (in computer science etc) but what path would i need to take for the best chance to be relocated?

E.g would joining a uk company with us presence be my best chance? or applying for visas or what?

Much appreciation for anyone who helps me!

The original post: /r/cybersecurity by /u/Extreme-Lavishness62 on 2024-10-07 15:02:53.

I am confused on what governance really means here? Like having policies, adhering to frameworks, etc. The thing is when I look into GRC tools, most of them are like we will get you SOC2 compliant, or ISO compliant all at one place, how are these handling governance part of the process, like risk and compliance comes under this? Is there something specific which covers governance, plus what is all these modern GRC tools? How they are claiming to be modern? Please help as I am confused about these tools, need to choose a tool for small sized company, do they even need it? Like management told our team to handle GRC? Can we somehow manage it internally or need to buy a tool, We are already doing risk analysis on some assets, and compliance activities using simple spreadsheets, like gap analysis, and other registers etc. I don't know what exactly this GRC thing is, are these tools justified

The original post: /r/cybersecurity by /u/support_telecom127 on 2024-10-07 15:02:04.

Good morning friends.

I am thinking of signing up to take the Security Blue Team Level 1 exam, however, I have some questions about the exam.

I have read in forums that the exam is theory and practice, but, does the final exam have a duration (the exam is supervised)? Is there a limit on the score to pass? .

Could you tell me about your experience and how was your process when you started the course? On the other hand, does the course only have one language available?

The original post: /r/cybersecurity by /u/urosperko on 2024-10-07 12:43:19.

The original post: /r/cybersecurity by /u/athanielx on 2024-10-07 12:31:07.

Hi there,

We have the intention to get rid of passwords and implement passwordless. Currently, we are using Microsoft Entra ID.

Entra ID offers a variety of authentication options, including FIDO2 Passkeys, which can be stored in the Microsoft Authenticator App, Windows Hello, or via Microsoft Authenticator App Push notifications. There are also integration capabilities for macOS, though the device must be enrolled in Intune to be compatible.

Additionally, Conditional Access policies allow you to block authentication methods that require entering a username and password.

I'm curious about which authentication method you’ve implemented and any challenges you've encountered.

Our goal is to purchase separate physical security keys for administrators, while allowing other employees to use their personal phones as a key (key vault) for authentication or login via Microsoft Authenticator App Push notifications.

The original post: /r/cybersecurity by /u/mysecret52 on 2024-10-07 12:13:42.

I'm 25. I'm at the first level of my position and I've been working here for almost 2 years (I have a total of 3 years of full-time experience). At my last meeting with my boss several months ago, I asked him what it takes to be promoted to the 2nd level and all he said was that "it just takes time, depends how long you're here" (He's said this before at another meeting last year too).

A coworker who started the same time as me has gotten promoted last month to the 2nd level, and so has another coworker (this one has been here an extra 7 months longer though). I was looking at opportunities on the company site for internal transfers and I found a posting for the 2nd level. Several of the adjacent teams have the same position title so I'm not sure if it's for our team or for any of the other ones.

At work, I do whatever my supervisor tasks me with, and I'm also working on another coworker's task once a month (over a weekend because it's a weekend shift), and starting to work with another coworker on a project he's been doing. My boss hasn't really given me much constructive feedback before at meetings (he usually says I'm doing "great"). I guess if I had to go off of my own analysis, I think I'm slow at work and maybe they also want someone who's more proactive and can find their own tasks? Not sure. Any thoughts?

The original post: /r/cybersecurity by /u/ImprovementOld3425 on 2024-10-07 11:51:52.

Hello as mentioned in the title I am a teacher in a "third world country" university and my students are eager to learn more technical details about cyber security and get more practical because our curriculum is more therotical than anything else unfortunately, but I want them to get Hands on. Is there anything I can do or apply to get them free subscriptions in any platform that offers these services. Thank you all for any response.

The original post: /r/cybersecurity by /u/Classic_Sink_1188 on 2024-10-07 10:30:26.

So I'm trying to learn the ropes from the bottom. My project is to take a raspberry pi 5 pc with debian and get on hack the box. Is this system good enough to even attempt? I don't have alot of money so a new laptop is out..and this seems kind if fun and a good learning lesson.

The original post: /r/cybersecurity by /u/TwoSharpCircles on 2024-10-07 08:54:52.

Hey guys - I'm looking to start mentoring those who are trying to get into the field, specifically those who are looking to get into security engineering.

I have fumbled around, waited on companies I've worked for to give me engineering work or make me an engineer and it just never happened so I figured it out myself. I want to help smooth the road out for some of you who are wondering how to make the transition.

This won't just be a - "Oh get this certification and you'll be set!" It will be much more than that because nothing is ever as simple as getting a certification. This field is a fucking slog.

About me

I have about five years of experience in the field and I'm a senior security engineer.

I'm new to this but hey, it's free.

When

I'll be starting up in November.

I'm in one of the 'roo time zones so you'll have to deal with awkward scheduling times.

Interested?

Just shoot me an inbox.

The original post: /r/cybersecurity by /u/Mountain_Ad_8525 on 2024-10-07 07:49:03.

We've been having an issue where a script we use will reactivate any Google account we deactivate from the admin console. So instead, if we suspect possible compromise, we've taken to resetting passwords (to a random one) and locking them out of their gmail account that way. Is there any downside to this method vs deactivation?

The original post: /r/cybersecurity by /u/Minatokamikaze7 on 2024-10-07 06:49:02.

Hello guys, well currently I am working in company where they are setting up the cyber domain. So, as in our team, we are only 3 members who are working and we all are freshers and don't have cybersecurity industry experience. When we joined the company they told us they would hire the seniors but now they are telling us that they can't able to find which is a very surprising thing, to be honest. They want us to set up whole cybersecurity domain but they don't want purchase and invest in cyber security tools and stuffs instead they tell us to do with free tools available. So, as freshers we don't have much experience and don't know basically how industry works and we feel sometimes that we need guidance but there is no one here to guide us. So I was curious to ask should I continue here for the experience or I am taking risk on my career as by continuing this job. Any suggestions and thoughts?

The original post: /r/cybersecurity by /u/Intelligent_Bite_394 on 2024-10-07 06:31:12.

Hello Everyone!

If you're pursuing a career in Cybersecurity or looking to validate your skills, certifications are a game-changer.

Edureka has just released a video that breaks down the Top 5 Cybersecurity Certifications to help you stay ahead in the field!

What’s inside:

CEH (Certified Ethical Hacker)

Security+

CISSP (Certified Information Systems Security Professional)

OSCP (Offensive Security Certified Professional)

GPEN (GIAC Penetration Tester)

Check out the video and let me know which certification you think is the most valuable! Drop your feedback or suggestions in the comments – I’d love to hear from you!

Watch the full video here: https://youtu.be/2iF_S9-OVMI

#Cybersecurity #CybersecurityCertifications #Certifications #CEH #SecurityPlus #CISSP #OSCP #GPEN #EthicalHacking #PenetrationTesting #CareerInCybersecurity #edureka

The original post: /r/cybersecurity by /u/jwizq on 2024-10-07 06:30:26.

The original post: /r/cybersecurity by /u/Environmental_Age_11 on 2024-10-07 05:00:32.

The requirements say I have to be doing cs, comp engineering, elec engineering, cybersecurity(tech track), data science or math. I’m an IT major minoring in critical intelligence studies, am I just screwed since it doesn’t list IT?

The original post: /r/cybersecurity by /u/Medical-Lawyer7691 on 2024-10-06 23:18:31.

I've a chance to join a L1 SOC role( got this wit my 2 yrs NOC exp) or I can join a MNC's cyber security graduate program which is a 2 year program with rotation within different teams with training(currently Iam a cyber security master's student). So which could be a better option guys, any kind of POV's would be appreciated.

Thanks in advance ☺️

The original post: /r/cybersecurity by /u/ZakBht2021 on 2024-10-06 22:21:04.

Guys i am new to the field and I want to learn the basics. I know almost nothing about cybersecurity but i have a good foundation in IT as i got my ccna recently and i have been programming in the past (not advanced tho) Is the Google Cybersecurity Professional Certificate worth it? If not what are the best alternatives (preferably on coursera) And i appreciate any tips for a fellow beginner. Thank you 🙏🏻

The original post: /r/cybersecurity by /u/Drunkenirishmen on 2024-10-06 19:27:51.

Hello r/cybersecurity community,

I am currently working on my master’s degree research dissertation, and I need your help! My research focuses on “Improving Cybersecurity for Industrial Control Systems”. As part of my study, I am conducting a survey to gather insights from professionals and enthusiasts in the field.

The survey will take approximately 5-10 minutes to complete. All responses are anonymous and will be used solely for academic purposes.

https://www.surveymonkey.com/r/XJPXZJL

Thank you in advance for your time and valuable insights.

If you have any questions or need further information, feel free to DM me!

The original post: /r/cybersecurity by /u/Disastrous_Chip_702 on 2024-10-06 19:04:21.

Hello, I have been reading and trying to understand the best way to get into do well in this industry. This subreddit is very informative and I appreciate having access for o this place! I am unable to go to college so I’m going the experience and cert route. My question is are there any type of accredited apprenticeship programs? I ask this bed I learn the best with hands on and working through my certification is good but there is only so much I can learn on a computer and just talking test. Any feedback is welcome!

The original post: /r/cybersecurity by /u/TechnicalFlatworm264 on 2024-10-06 17:50:26.

The original post: /r/cybersecurity by /u/Odd-Combination7498 on 2024-10-07 01:03:06.