Hello! I was doing some searching on LinkedIN and got to wondering: I wonder how other people search for jobs? (Yes; I use other sites...just seeing what happens on LI.) Do you only search for titles? Do you use titles that could be interchangeable depending on the organization? Have you ever searched by certifications? I am sure the people who already have jobs could give some suggestions; it's always great to see what the new people are doing! submitted by /u/Critical-Property-44 [link] [comments]

In today’s digital age, where we’re constantly connected to the internet, ensuring the security and privacy of our online activities has…Continue reading on Medium »

Este artigo tem como intuito apresentar algumas dicas básicas para a segurança das aplicações. As dicas servem de uma forma geral, não se…Continue reading on Medium »

Este artigo tem como intuito apresentar algumas dicas básicas para a segurança das aplicações. As dicas servem de uma forma geral, não se…Continue reading on Medium »

I’ve worked in security for seven years and have had certain elements really worn me down over time. I don’t know what happened, but over the past year the following have really made me feel dissatisfaction with this work: •The feeling of not really creating anything with my labor. •Being a cost center to the business and having budget constantly scrutinized/not getting enough to adequately cover a security program. •Having documented security risk constantly dismissed by leadership or stakeholders. Constantly occuring despite tangibly showing them in multiple ways and communication styles. •Generally being disliked by other parts of the parts of the organization and the typically antisocial nature of technical workers at my org makes the job very lonely. •Constant, reactive firefighting. Nobody cares about what security does unless something negative is happening. I think security is interesting and was able to shrug most of this stuff off early on. But with the market contracting and companies trying to outsource or downsize a cost center, it makes the field less attractive for the long run. Has anyone found skills they picked up in security transferred well to other industries? I was looking at industrial hygiene and safety a while back and it seems like it would be more personally meaningful since there’s a human safety element. Hoping to hear if anyone was able to make moves out of a seemingly niche field. submitted by /u/Longjumping-Pin5976 [link] [comments]

Microsoft is a national security threat, says ex-White House cyber policy directorContinue reading on Medium »

Microsoft is a national security threat, says ex-White House cyber policy directorContinue reading on Medium »

Introdução:Continue reading on Medium »

Introdução:Continue reading on Medium »

by@SmartkeyssContinue reading on Medium »

hello everyone. So basically im currently between 2 offers, i've been working as a software developer for 2 years now and i've been studying to pivot my career into cybersecurity. i've been interviewing and i have 2 offers on the table, one is for a GRC focused role that pays more than the other offer (basically the same that i currently get payed), and i prefer a more technical role, and the other one is for a trainee position of soc analyst of 12 months after witch i would be integrated in the company full time, but for the first year i would take a significant pay cut from what i currently get payed. The company that offered me the GRC role has said that they facilitate changes in positions internally, so with some training and formations maybe i could go to a soc analyst position there, without having to suffer a pay cut for a year, but still, could take some time. what would you guys do in this position? submitted by /u/Organic-Clue773 [link] [comments]

Ever heard of having to take an cybersecurity scenario assessment after an interview? I have my first cybersecurity interview coming up and hearing that just threw me off. I have an hour interview panel and then an assessment afterwards that’ll take an hour as well. Thanks for any advice provided. submitted by /u/Little-Armadillo2686 [link] [comments]

Hello Great BuyerContinue reading on Medium »

Como ya hemos mencionado una enormidad de veces, la ingeniería social es uno de los métodos más usuales por parte de los ciberdelincuentes…Continue reading on Medium »

InfoSecSherpa: Your Guide Up a Mountain of Information!Continue reading on Medium »

https://github.com/positive-intentions/chat im not sure if this is for this subreddit so let me know and i will remove the post. im working on an open source project. id like to ask if somone would be interested in contributing a security audit for my project. id like to publish it to my docs (credited). i recieved advice that a good start would be to create a threat-model for my project. i have made a start, but i think it's enough to most of "how it works". id appriciate any advice on what i can update to make it more clear. https://positive-intentions.com/docs/research/threat-model it is of course LLM generated, but i think it is a good start and i hope we can improve it together. to explain the app a little bit, it is a decentralized p2p chat app. it is created as a webapp but i think it works in a unique way. a high-level explination of my app can be seen here. the authentication sequence is described here. generally the docs on the project are not good, but feel free to ask me for clarity on any details and i hope to take the opportunity to update the docs accordingly. submitted by /u/Accurate-Screen8774 [link] [comments]

I have some apps hosted in AWS that I want to secure using a Zero Trust solution. I looked at Cloudflare Access but their free plan doesn't allow storing logs and I can't use multi level subdomains. AWS has AWS Verified Access but that is insanely expensive. Anyone have any recommendations for any other solutions? Either cloud offerings or hosting something open-source on AWS itself. submitted by /u/Big_Phone_3620 [link] [comments]

submitted by /u/Zealousideal_Tip2086 [link] [comments]

Continue reading on Medium »

Continue reading on Medium »

Little background info: I have about 3 years of work experience as a Cybersecurity Analyst (1.5 officially with the title the other 1.5 just doing the work with my IT Analyst title until they finally gave me the new Cybersecurity Analyst title). I have 4 years of IT experience in general. I recently left my job looking for a new one. I'm not getting many interviews as I suspect I don't have much education, as I only have a GED. Concerns: I don't feel like I need the Security+ cert as I have the basic concepts and knowledge. I would rather work on getting my CySA+, as I feel it has more relevant knowledge and more focused on the job I'm looking to do. HOWEVER, I have NEVER seen any job application postings asking for CySA+, even on Cybersecurity Analyst positions posted. They only ask for either CISSP, CISM, GIAC, SEC+, or other related certs. Questions: What I'd like to know, is if I get the CySA+ cert if it would help me with job interviews? Is the CySA+ cert industry recognized and will help me with interviews? Or if I should get the Sec+ instead, if the CySA+ is not an industry recognized cert? submitted by /u/theunknownlives [link] [comments]

Continue reading on Medium »

Top Cloud Security ConsiderationsContinue reading on Medium »

Hello once again! In our latest blog post, we introduce coverage-guided fuzzing with a brief description of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track down the source of vulnerabilities and identify interesting fuzzing paths. https://blog.includesecurity.com/2024/04/coverage-guided-fuzzing-extending-instrumentation/ submitted by /u/IncludeSec [link] [comments]

Hey there! Ready to boost your GitHub security? Setting up an SSH key is the way to go! Let’s dive into the simple steps:Continue reading on Medium »

Click here to get this dealContinue reading on Medium »

I am planning to make a website for my medical business. I'm currently thinking about using GoDaddy or WIX to start off. Are there anything I should be aware of to make my business more secure? Any steps I should be aware of when running my website? Are Domain Protection worth it? I am planning to have patients enter in their information through my website. submitted by /u/Successful-Music-768 [link] [comments]

Click here to get this dealContinue reading on Medium »

TL;DR Based off current market and technology trends it seems Tier I & II Analyst positions are becoming obsolete. Having trouble finding analyst work, even with 1.5yrs analyst exp, 3.5yrs total IT exp. Thinking of honing skills more in the engineering side of the house. What areas of security would y'all recommend to focus on developing skills/education in? I'm curious to know everyone's thought's on this, I certainly have my opinions based off my observations of the current climate of the job market. I am looking for a job and have been looking into analyst II position's, and recently have been looking at analyst 1 positions as well because I haven't had too much luck with the former. I should add that my current gig is a level 1 analyst, I can honestly say that I love the work I do, have been in the role for a year and a half now, and have been working IT for 3 and a half years now. It seems the way the market is trending, and with the direction the technology is heading, companies would rather just hire a few people as a one size fits all engineer/analyst, and maybe hire one or two Tier III analysts to catch anything that slips through the cracks. I guess I'm a little frustrated at this point because even the Tier I position's I don't seem to be qualified for even though I have 1.5yrs experience of Analyst & IR work, 3 total yrs of IT. Aside from that, besides having a degree, I've shown my willigness to continue my education, having obtained Net+, Sec+, and CySA+ all in the past couple years. Wondering if at this point I should just focus on a degree and maybe narrow down on skills related to SOAR and engineering. submitted by /u/sudochief [link] [comments]

Click here to get this dealContinue reading on Medium »

You never know how hackers and other cybercriminals can intrude into your phone, especially if it is unprotected. The best proactive…Continue reading on Medium »

submitted by /u/HopeValArt [link] [comments]

Hello everyone, I work in a CISO team in major european banking company. I’m in charge of all the AI subjects. Long story short : Some IT teams love going on huggingface to download AI models and make tests on non secure environnements 😑. I blocked the domain because of the obvious shadow IT risk and because I want to keep control on the actions made by the devs and the AI models deployed in the company (future regulations are coming into europe so we need to do that). Devs can still download ai models with a temporary derogation if needed and a risk assesment has to be made. I’d like to know if you guys knows examples of malicious AI models findable on huggingface so i can prove that there is a risk. Or maybe my point is stupid and there are no risks but i still need to monitor the deployment of ai systems on the Information System Do you have recommendations on AI security on external AI models? submitted by /u/Select_Recover9638 [link] [comments]

submitted by /u/KolideKenny [link] [comments]

submitted by /u/Standard_Arm_4476 [link] [comments]

What are your thoughts around the technicalities of banning a service such as Tiktok? Will the company be dissolved completely or will there be pressure put on Apple/Google app stores to remove the app, or even a DNS level block? Just using Tiktok as an example here but curious about the technicalities of blocking a website/service. submitted by /u/no_shit_dude2 [link] [comments]

Anyone in cyber security think they're being used just to fill a blank hole and mark off a checkbox that your org needs to show they have a ft cybersecurity employee on-hand? submitted by /u/I_said_watch_Clark_ [link] [comments]

I’ve been seeing a lot of buzz around ISO 42001 and NIST AI RMF lately and it seems these frameworks are gaining traction across industries. Have any of you considered adopting these frameworks for your organization this year? Or maybe your CISO has mentioned them? submitted by /u/CyberSavvy2901 [link] [comments]

Hello all, I am sure you may have seen a post like this a handful of times, last few I have found were a few years old. I am looking for opinions and experience on these 3 Vulnerability scanners. ( Our main goal was to get some info on EOL software / os ) Currently using Nexpose which seems to be decent, most use friendly / easy to navigate. Trialing Qualys and Nessus at the same time currently also. Qualys seems to be the most detailed out of the 3. Nessus seems easier to use and I like the on demand remediation scan. Qualys & Nexpose agents both report back after x amount of time where Nessus agent only works on a daily scan. Qualys and Nessus seem to be finding more 3rd party application Vulnerabilities then Nexpose. Any pros and cons or experience with these long term that you could provide? submitted by /u/Exciting_Passenger39 [link] [comments]

I was wondering if this field is suitable for someone with adhd. submitted by /u/Itchy_Sherbet_9895 [link] [comments]

Hi, was told to post here, hope that's ok. The company I work for has a small IT team and they ask us all for passwords. If we change them, they ask us again for the updated password. This can't be right, can it? We are ISO 2701 and 9001 acredited which must mean something when it comes to security? I don't want to talk to IT for fear of recriminations, what can I do? Among some of the documents we work with are folks' medical records. submitted by /u/Freshwater_Salmon556 [link] [comments]

I have an interview with Amazon in a few weeks for a senior security intel engineer position. I have the STAR(R) format down, and I am pouring over leadership principles, but one small issue has me a bit concerned. The interview will have a coding test, in Python and SQL. I have used both, mostly for my own data analysis projects which were primarily ingest several thousand CSV's of netflow, do analytic stuff, and then output tables and charts. I am not a developer. In past roles, I used enough Python and SQL to get my immediate task/automation done, and then that's it, move on to my investigative work. My work the past year has been pure detection engineering, and I haven't touched either language. How much coding do I really need to demonstrate? I have a few weeks to prepare, and I can "relearn" general purpose Python and SQL, which I will probably do anyway, but how deep do I need to get into more general software development topics? submitted by /u/Ok-Echo-Blue [link] [comments]

Need a way to get privileged access management for our environment. I need it to include, database access (we have multiple), server access (mostly ssh and some rdp), vault and kubernetes. If it also has a way to connect Azure to it and provision the roles there, that would be very helpful as well. We used Thycotic secret server at my old company, and I don’t want to do that again since it was a pain to configure and deploy. I think they are still working on getting things working a year in now. submitted by /u/flakimbocbocu [link] [comments]

https://amp.cnn.com/cnn/2024/04/17/politics/russia-hacking-group-suspected-texas-water-cyberattack submitted by /u/AffectionateNeck6368 [link] [comments]

submitted by /u/gawdarn [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]