CyberSecurity – What are some things that get a bad rap, but are actually quite secure?

Proxy vs VPN

You can translate the content of this page by selecting a language in the select box.

Ace the AWS Cloud Practitioner Certification CCP CLF-C02 Exam: Prepare and Ace the AWS Cloud Practitioner Certification CCP CLF-C02

CyberSecurity - What are some things that get a bad rap, but are actually quite secure?

CyberSecurity – What are some things that get a bad rap, but are actually quite secure?

Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.

There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.

1- PGP

PGP is a Form of Minimalism

As a protocol, PGP is surprising simple. Here is what happens if you want to use it to securely send a message to someone:

AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence
  1. You get from them a PGP identity (public key). How you do that is entirely up to you.
  2. Your PGP program uses that identity to perform a single public key encryption of a message key.
  3. Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
  4. Your correspondent does the opposite operations to get the message.

If you want to sign your message then you:

  1. Hash the message.
  2. Do a public key signature operation on the hash and attach the result to the message.
  3. Your correspondent checks the signature from your PGP identity, which they have acquired somehow.

The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.

Ace the AWS Solutions Architect Associates SAA-C03 Certification Exam : Quizzes, Flashcards, Practice Exams, Cheat Sheets, I passed SAA Testimonials, Tips and Tricks to ace the SAA-C03 exam

As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high level description of the Signal protocol here. None of the following comments are intended to be critical, they are intended to give an idea of the level of complexity of the protocol in total:

  • Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
  • A Signal session requires the storage and maintenance of a lot of state information.
  • Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
  • Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
  • Supporting the Signal protocol in practice requires a separate system to store and protect past messages1). Since this is at odds with forward secrecy such a system will end up with a system to delete old messages.

The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.

I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.

2- Very long passwords that are actually a sentence

It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”

3- Writing passwords down.

I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using same password and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.

We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.

Did I say passwords? I meant encryption keys.

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLFC01 book

4- Changing default ports for certain services like dbs

Most of the gangs out there use tools that don’t do a full search, so they go through the default port list

5- MFA in general.

Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.

If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.

If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.

6- Oauth for 3rd party apps.

Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.

7- Two-step verification.

Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.

8-Biometric Authentication.

The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.

Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only has public keys.

One example of this is which is about as secure as you can get.

9- Zoom.

Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.

10- Unplugging the ethernet cable.

11- Browser password managers?

Rant moment: reasons cybersecurity fails


Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.

People don’t see value of putting effort in cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.

No news isn’t good enough of a good news. This is enough to mostly ignore all cybersecurity advice altogether.

This is similar to people not taking care of themselves health-wise, because the best things they can see is not getting sick.


Why do cyber attackers commonly use social engineering attacks?

Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.

Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.

To conclude:

Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.

source: r/cybersecurity

Source: r/cybersecurity

  • How to carry out an Mitre Assessment?
    by /u/elon_Tusk_420 (cybersecurity) on September 28, 2023 at 9:51 am

    I recently picked up an extensive engineering jira story on my organisation’s “assessment” Epic for Mitre Assessment to identify “if the monitoring controls are enabled for relevant Log sources.” The expectation is : Check the mitre techniques and filter out the ones which are valid for our environment. Then check if we have the prevention/detection enabled for it or not. Since Mitre has about 14 tactics and 240 Techniques, it seems like a tall order to accomplish. Are there any tools which I can use to skip manually mapping everything on excel? submitted by /u/elon_Tusk_420 [link] [comments]

  • OT security firm spots 3 vulnerabilities in Baker Hughes rack hardware
    by /u/Choochy89 (cybersecurity) on September 28, 2023 at 9:36 am

    submitted by /u/Choochy89 [link] [comments]

  • Could AI replace pentesters or atleast perform 75% as good as them?(YOUR OPINION)
    by /u/Shoddy_Vegetable_115 (cybersecurity) on September 28, 2023 at 9:18 am

    Im talking about next 5 years or so. Where do you think the AI train will lead us to? submitted by /u/Shoddy_Vegetable_115 [link] [comments]

  • Chinese Gov Hackers Caught Hiding in Cisco Router Firmware
    by /u/DerBootsMann (cybersecurity) on September 28, 2023 at 7:01 am

    submitted by /u/DerBootsMann [link] [comments]

  • Is government internship good or are company internships better?
    by /u/wolfiiism (cybersecurity) on September 28, 2023 at 6:27 am

    I have a government internship interview next friday. I'm getting mixed opinions on this tho since some people are saying it's better to try to intern at a regular tech company than the government. I'd like to ask which one looks better on a resume? submitted by /u/wolfiiism [link] [comments]

  • Is there such a thing as "Indie" projects in cybersecurity?
    by /u/Reasonable_Chain_160 (cybersecurity) on September 28, 2023 at 6:00 am

    Im a Security Architect working for a large org. Recently I picked up some interest in Malware and ML models. I think in generak in Cybersec we consider Av/EDR massive complex software projects way too large for one or a small team to take on. I see this similar to games like Call Of duty or massive studio multimillion dollar project. Is ther a thing such as Indie projects for Cybersec? Do you know of any one you like? Bit small scope but could still prove some value. Or am I crazy? I found quite some interesting Malware/Antimalware projects in github decently sized. Im curious what you think. submitted by /u/Reasonable_Chain_160 [link] [comments]

  • What's everyone doing against libwebp?
    by /u/Audible_Choco (cybersecurity) on September 28, 2023 at 5:25 am

    submitted by /u/Audible_Choco [link] [comments]

  • Worth expensive MDR service to recover from seemingly small attack?
    by /u/Kashek32 (cybersecurity) on September 28, 2023 at 5:18 am

    I work for a medium-sized school district. In our endpoint security software, we recently had an Exchange server showing that "Cobalt-A" "Disrupt_7h" and "DynamicShellCode" exploits were attempted but basically immediately cleaned up by our endpoint software. Our endpoint protection vendor, who also sells a 24x7 managed detection/response (MDR) service, reached out to us and really made it seem like we MUST upgrade to their MDR service immedately because we're likely about to experience a lot of pain since clearly a bad actor is in our network and trying to access things. So far, all we have as evidence of an attack are the 10 minutes of naughty activity on the Exchange server yesterday morning, that all appeared to get detected and cleaned. The vendor even said it appeared "they haven't moved laterally to other systems" yet. We have endpoint protection on almost all devices on the network, and no other systems have triggered similar alerts. No one is reporting any issues. My question is... Does the detection of a few attack attempts on one server such as this warrant the reaction of spending an extremely large amount of money to bring in this vendor to scrub every corner of our network/systems to make sure there are no problems? It just feels like a lot of money to throw at what only appears to be a few malicious attempts in one 10-minute period. Am I underreacting to what could potentially be a huge issue? We're in a tough budget year, and I don't want to panic buy a product we can't really afford, unless the outcome of not moving forward with it could actually be catastrophic. EDIT: Just want to add: I do realize there's an issue we need to address if there's activity like this going on, but there's got to be a more cost effective, simpler solution when the scale of the issue appears to be fairly manageable? submitted by /u/Kashek32 [link] [comments]

  • Is ISSO or ISSE higher?
    by /u/Outsourcing_Problems (cybersecurity) on September 28, 2023 at 3:10 am

    So I've only ever worked at three place. Two of them are with the Army and the last one is with the DOJ. From my experience with the Army, ISSE is higher. My understanding of the ISSE was its an ISSO with the expectation of having more technical knowledge to be able to take on additional duties in implementing as needed. I've take a DOJ job to help accredit a system (as an ISSE) and in talking with some sysadmins. They believe the ISSO is higher. That the grunt work falls on the ISSE so that the ISSO can focus on writing policies and documentation. Like I said, I only worked at 3 locations so I don't know. So the answer may not be black and white but rather it depends on the organization. What are your thoughts and experiences? submitted by /u/Outsourcing_Problems [link] [comments]

  • Top NDR vendors?
    by /u/littleknucks (cybersecurity) on September 28, 2023 at 3:10 am

    We are in the process of looking at different vendors and based on Gartner, they have Vectra, Darktrace, and Extrahop listed. Are there any others we should be looking at? submitted by /u/littleknucks [link] [comments]

  • How do I know I am ready for Cyber Security role?
    by /u/ExaminationSquare (cybersecurity) on September 28, 2023 at 2:31 am

    I am transitioning to a cyber security job by studying for the sec+ to get a better foundation. But I always have this question that is isn't clearly answered and I always get vague answers from people I talk to, so coming to reddit for help. As my question states how do I know if I am ready for a CS job? My background I have years of experience as a Help Desk and System Administrator. If someone asked me how do I know I am ready for a help desk or system administrator job I would ask them the first few simple things if they know these terms or subject: Do you know what AD, Active directory is? Do you know how to add, remove, edit, unlock users and groups in AD? Do you know what and how to use NTFS? Do you know how to search how a file or folder is open and know how to close it because someone needs access to it? Do you know how to setup or use RDP? VPN? VPN products? Do you know what Group policy is? Do you know what ITSM is? Do you know how to setup firewall rules? Do you know any firewall products? Do you know how to setup a physical server? VM server? Have you used M365? Mail handler? O365? Intune? So asking the community for help to provide some real world questions or terms that if I looked at that I SHOULD know from the top of my head if I want to go into cybersecurity. submitted by /u/ExaminationSquare [link] [comments]

  • Routers have been rooted by Chinese spies US and Japan warn
    by /u/wewewawa (cybersecurity) on September 28, 2023 at 2:31 am

    submitted by /u/wewewawa [link] [comments]

  • Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign
    by /u/riambel (cybersecurity) on September 28, 2023 at 1:18 am

    submitted by /u/riambel [link] [comments]

  • How do you guys Network? (Not TCP/IP LOL)
    by /u/Shobart (cybersecurity) on September 28, 2023 at 12:52 am

    Heyya Guys, I always see in LinkedIn that Network is one way on how you can get a job. I'm about to be laid off within the next few months and I'm actively looking for a job.. getting interviews here and there.. but I wanted to see how Networking can help me land a job.. English is not my native language so it's kinda tough to understand the jokes and the other stuff that other people talk about. But if it's security technologies or terminologies, I know I can talk to them even for a long long time. ​ How do you guys do Networking? submitted by /u/Shobart [link] [comments]

  • How often do you "put out major fires"?
    by /u/Yakima42 (cybersecurity) on September 28, 2023 at 12:14 am

    I'll elaborate here in the description. I recently finished watching Mr. Robot, and my god did it get me interested in how the field of cybersecurity works. Of course fiction often exaggerates the excitement of a given job, and most jobs likely have a lot of routine BS. That being said, I was wondering the following: Most Curious About: Have you ever helped tackle a major cybersecurity threat that would've greatly impacted your nation (or a lot of people), which very few people knew about? Something like the pipeline hack that happened in the US. How often do you have to put out fires in general, and be in an "all hands on deck" mode? Piggyback off of #2: Which kind of jobs allow for this excitement on a more frequent basis? submitted by /u/Yakima42 [link] [comments]

  • CVE-2023-5129 Rejected; Duplicate of CVE-2023-4863
    by /u/Ready-Philosophy7516 (cybersecurity) on September 27, 2023 at 11:59 pm

    CVE-2023-5129 - ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863. The description of CVE-2023-4863 has been changed to "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)" and CVSS is a 8.8 submitted by /u/Ready-Philosophy7516 [link] [comments]

  • Host Weakness Leading to VM Exploit
    by /u/FleetingFelix (cybersecurity) on September 27, 2023 at 11:32 pm

    There are a ton of posts about VM leakage to the host. But what about the opposite? Let's say the following exists: You question the security / confidentiality of your host machine, whether due to use by other parties or otherwise You absolutely trust and, for the purposes of this question, know, the virtualization software is bug/exploit free You isolate the VM from the host, so no shared files/folders, bridged network, etc. VM image is of course EAR With that in mind, if the host gets popped, absent a keylogger scenario where the VM password is compromised, what scenarios exist to exploit the VM? I'm thinking some kind of in-memory attack, but this ain't my forte and I don't know how this would work in the wild. My feeling is that the VM is pretty isolated from the host if the proper controls are in place. Thoughts? submitted by /u/FleetingFelix [link] [comments]

  • TryHackMe: Problem-Solving with Splunk— Write-Up
    by Cindy (Shunxian) Ou (Cybersecurity on Medium) on September 27, 2023 at 11:03 pm

    Link to this TryHackMe room:Continue reading on Medium »

  • Leaving software engineer to enter cybersecurity domain
    by /u/v1shalnaps (cybersecurity) on September 27, 2023 at 10:14 pm

    I'm 22, I have majored computer science in undergraduate. I have two years work experience as a Software Engineer. I'm resigning my job (I'm not much interested on the tech I work and I work 12-13 hrs most of the days eventually ending up with no time to study other stuff) in two months to learn Cybersecurity skills. I always want to end up in Cybersecurity domain since I took computer science major but couldn't find much time to upskill. I have did some courses from udemy by Z-Security. I did prepare for CCNA certification few months back. However it lacked so much consistency while learning due to other factors. Now I really want to deep dive into this field. I found this study plan on git (, do you think this has a good structure? Please comment your recommendations. submitted by /u/v1shalnaps [link] [comments]

  • You clicked on a Wallet Drainer?
    by 0xSaiyanGod (Cybersecurity on Medium) on September 27, 2023 at 10:13 pm

    Learn how wallet drainers have stormed web3 and how to stay safe.Continue reading on Medium »

  • Free awesome VPS for bug hunting process
    by Hazem El-Sayed (Cybersecurity on Medium) on September 27, 2023 at 10:11 pm

    Hi hackers, I’m Hazem El-Sayed (zoma), A Junior Computer Science Student, and Offensive Security Enthusiast, , At this time i am learning…Continue reading on Medium »

  • Slope & Sam Altman:  Revolutionizing B2B payments with AI
    by Don Stalter (Security on Medium) on September 27, 2023 at 9:56 pm

    We led Slope’s earliest round with $5m. Back then, it was really just a pre-revenue, pre-PMF concept and this was our largest check ever…Continue reading on Medium »

  • How can organizations prepare for and respond to cybersecurity incidents?
    by Dale Clifford (Cybersecurity on Medium) on September 27, 2023 at 9:50 pm

    Continue reading on Internet Stack »

  • HackTheBox: Forest
    by Ross Andrews (Cybersecurity on Medium) on September 27, 2023 at 9:38 pm

    As I am working on building my own Active Directory lab and going through HTB Academy’s Active Directory modules, I thought I would try…Continue reading on Medium »

  • AI Security Concerns: Attacks and Defenses
    by Huseyin Cetin (Cybersecurity on Medium) on September 27, 2023 at 9:35 pm

    AbstractContinue reading on Medium »

    by Isaac (Cybersecurity on Medium) on September 27, 2023 at 9:27 pm

    The systemd journal is a log of everything that happens on your Linux computer.Continue reading on Medium »

  • Securing Artificial Intelligence: A Review of Threat Models and Countermeasures
    by Huseyin Cetin (Cybersecurity on Medium) on September 27, 2023 at 9:04 pm

    IntroductionContinue reading on Medium »

  • Cyber Evolution as Seen Through the Eyes of a Cyber Sales Veteran — Special Podcast Edition
    by Brian Waltermire (Cybersecurity on Medium) on September 27, 2023 at 8:41 pm

    Realm Subscribers!Continue reading on Medium »

  • Bug Bounty Beginner Methodology: CSRF
    by arshiad3v (Security on Medium) on September 27, 2023 at 8:10 pm

    Continue reading on Medium »

  • Full bug bounty methodology to help you get started
    by arshiad3v (Cybersecurity on Medium) on September 27, 2023 at 8:10 pm

    Continue reading on Medium »

  • The New Age of Quantum Computing and CIFDAQ’s Preparedness
    by CIFDAQ (Security on Medium) on September 27, 2023 at 8:07 pm

    In today’s rapidly advancing tech world, quantum computing stands out as a game-changer, especially for cyber-security. With quantum…Continue reading on Medium »

  • The internal communication challenges, organisations face in today’s world.
    by Afridipillay (Security on Medium) on September 27, 2023 at 7:57 pm

    Introduction: In today’s world, internal communication plays a pivotal role in determining an organisation’s success. With changing…Continue reading on Medium »

  • The Battle for Apple’s Default Search: Bing’s Bargaining Chip, Apple’s Profitable Game
    by Altech (Security on Medium) on September 27, 2023 at 7:32 pm

    Hi there, fellow tech enthusiasts! Get ready for some juicy insider info straight from the US government’s antitrust trial against Google…Continue reading on Medium »

  • Expanded Analysis: Implementing a Distributed Timestamp Server with Proof-of-Work in Bitcoin
    by Michael Di Fulvio (Security on Medium) on September 27, 2023 at 7:25 pm

    Distributed Timestamp Server & Proof-of-Work (PoW) — Source Code snippetsContinue reading on Medium »

  • My Lifesaver: How a Biometric Safe Transformed My Security
    by Matthew Foisy (Security on Medium) on September 27, 2023 at 6:48 pm

    1. Unmatched SecurityContinue reading on Medium »

  • SUID permission, what is it and why can be dangerous?
    by Konstantinos Patronas (Security on Medium) on September 27, 2023 at 6:25 pm

    SUID stands for “Set User ID” its a special permission in Unix and Linux operating systems which allows a command to be executed with the…Continue reading on Medium »

  • Exploring Triton Systems: Innovating the Future
    by @WolfeNetwork (Security on Medium) on September 27, 2023 at 5:58 pm

    Triton Systems, a dynamic and innovative company, has been making waves in the world of technology and engineering since its inception…Continue reading on Medium »

  • CCSP, CISSP or Az-500/Sc-200,sc-100..etc
    by /u/Krish03101991 (cybersecurity) on September 27, 2023 at 5:36 pm

    Hi Team, I am having 7 Yoe as sys admin and SOC I am working in MSS currently and we are managing multiple security products like Crowdstrike, intune, defender, trendmicro and McAfee. Now, for knowledge and money purpose, should I concentrate on Vendor neutral certification like CCSP, CISSP like that ? Or only a specific vendor certifications like Microsoft Az-500, Sc-100, sc-200 like that and specialize on Microsoft alone in future ? My main motto - To earn huge money 💰 in future. Please suggest me submitted by /u/Krish03101991 [link] [comments]

  • Possibly massive new zero day: CVE-2023-5129. Looking for compiled lists of affected software and patch status.
    by /u/A-Series-of-Tubes (cybersecurity) on September 27, 2023 at 4:06 pm

    Links to the NIST CVE along with one good summary article that contains a compiled list of affected software so far. If anyone knows of other affected software and patch status updates, please post. submitted by /u/A-Series-of-Tubes [link] [comments]

  • Pros and Cons of GRC? What are the highlights and headaches? Is it worth getting into right now or is it oversaturated?
    by /u/Ornatbadger64 (cybersecurity) on September 27, 2023 at 2:20 pm

    Is there generally a bright future or is it a dead end office job? Is it lucrative or will it leave me working a second job at night? I am debating either continuing on the GRC path or jumping into something more technical? submitted by /u/Ornatbadger64 [link] [comments]

  • I can't train new co workers, they are unwilling to understand
    by /u/sk8er_girl90 (cybersecurity) on September 27, 2023 at 2:17 pm

    So for almost 1 year I've been working alone as a soc analyst, I trained myself and understand the concept of SIEM & monitoring. Now it's 3 years since I've been soc analyst (ive been i tech for 7 years) and I'm hoping to switch department. So my co worker ABC have been working for a year now as SOC analyst. And I trained her along side new grad. They all graduated with Bsc in cyber I'm Bsc in computer science and master in data science. My coworkers A & B say " i didn't graduate from uni with cybersecurity certificate to close & report alert or monitoring network" she have been saying the same thing since the 1st month she started working. And the new grad too are not impressed by Blue team or SOC process and procedures they are expecting something from a movie even my co worker A&B she said "yeah me too i expected something like in the movie" I'm planning to tell my manager that now I deserve to move in my career to different job position, but I just don't know how i can tell him that I deserve new position and I don't see hope with people. It's making me frustrated that they don't understand the importance of soc analyst or monitoring network submitted by /u/sk8er_girl90 [link] [comments]

  • Hackers can now steal your passwords through your GPU (pixel-by-pixel)
    by /u/nareksays (cybersecurity) on September 27, 2023 at 2:15 pm

    submitted by /u/nareksays [link] [comments]

  • Started a new role and a new conundrum
    by /u/dazeandconfuzer (cybersecurity) on September 27, 2023 at 1:38 pm

    Recently took a remote job as a SOC analyst, and my bosses and coworkers all pull 90 hour weeks. I’m big on work life balance, but I’m also used to performing well and giving my all. Has anyone else encountered this? submitted by /u/dazeandconfuzer [link] [comments]

  • How do you keep up with cybersecurity news?
    by /u/freshkidwilbi178 (cybersecurity) on September 27, 2023 at 12:10 am

    What platform do guys use to keep up with cyber security news and updates? submitted by /u/freshkidwilbi178 [link] [comments]

  • Mentorship Monday - Post All Career, Education and Job questions here!
    by /u/AutoModerator (cybersecurity) on September 25, 2023 at 12:00 am

    This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]

error: Content is protected !!