Hi Everyone, I'm interested in becoming a CNO developer, and want to know the best way for me to land a job with no work experience in the field. The problem is, as with a lot of cybersecurity jobs, companies require many years of experience in addition to a multitude of skills. This is a catch 22 because I can't get experience if I'm not hired for a job, but I won't be hired for a job unless I have experience. My questions are as follows: 1) What is the best way for me to compensate for lack of work experience, so I can land a CNO development job? 2) In addition to learning the requisite skills on my own, how much will certs (perhaps OSCP, GREM, etc.) help? I already have Security+. 3)What about ideas for real-world personal projects I can complete on my own to demonstrate to employers that I have the knowledge necessary for the job? 4) What about internships? Thank you all in advance for the help. submitted by /u/Any_Volume5771 [link] [comments]

It's not uncommon that through either URL Rewriting or someone reporting a phishing attack, I find an individual who clicked on a link in a phishing email, which took them to a phishing form, typically trying to steal their username and password. When the user has NOT entered any credentials, how do you handle these? Do you force a password reset anyway? Reset login tokens? Wipe computer? Force the end user into a phishing training program? Again, this is not for incidents where the user entered login creds; this if for those who clicked but DID NOT enter creds. I have my own small playbook I use, but I am interested in hearing what others in the community do. Thanks in advance! submitted by /u/SecurityCocktail [link] [comments]

Hey /r/cybersecurity, We're a cloud-only environment with several offices across the United States and Asia. All of our non-public data is stored in the cloud, but employees can use these offices to work/collaborate if they so choose. We'd like to improve our physical security by upgrading our badging system. Desired qualities: SaaS-based platform for centralized management Users should be able to badge in with an app using their phones Information Technology/Security must be able to remotely lock/open doors Information Technology/Security must be able to provision/deprovision user access Access logs should be collected and retained for at least 90 days Are there any providers that this sub highly recommends? I'm happy to provide more information if needed. Thanks! submitted by /u/BuildingKey85 [link] [comments]

submitted by /u/z3nch4n [link] [comments]

Not sure if I should continue with my current job or should I look forward to change! Should I wait because of layoffs in majority of organisations? submitted by /u/Anonymoussharma17 [link] [comments]

Welcome to the 94th day of our cybersecurity journey! Today, we embark on an exciting exploration into the world of Penetration Testing, a…Continue reading on Medium »

👉 What’s happening in cybersecurity today?Continue reading on Medium »

I'm pretty sure we've all seen and/or performed vulnerability scans before. So I'm curious what was a discovery that made you guys go "fuck no kill it with fire" I've seen assets with maybe 5 or 10 max vulnerabilities that needed to be looked at but NEVER have I seen one with over 400 vulnerabilities until today. Missing years of security patches submitted by /u/XToEveryEnemyX [link] [comments]

In this write-up, I will explain two cases of Self-XSS where I managed to escalate them into something impactful.Continue reading on Medium »

Well the gaming community is being targeted, who may wonder why? Well Web3 gaming has received more VC funding in the last 2-years than…Continue reading on Medium »

My favorite websites and online places to learn CyberSecurity in 2024Continue reading on Javarevisited »

My favorite websites and online places to learn CyberSecurity in 2024Continue reading on Javarevisited »

I don't get it, I'm in IT right now, went to school for cyber security and everyone seems to hate their job. Working with other people you have to recognize they are going to ask "dumb questions" and it's my job to help them parse that question to something that makes sense. Not everyone has the same background you do. I dont understand why everyone gets so mad over it. I have a guy I work with, if you ask a dumb question he just stops responding to them until someone else deals with it (we do things mostly over teams) And everyone seems to complain about dumb questions, seems silly to get so upset over it. Is this a constant throughout working in the field or is it just the people I work with? submitted by /u/bearboyjd [link] [comments]

Proxmox VE is a hypervisor based on the debian GNU/Linux distribution and KVM. Unlike its competitors such as VMware (HyperV being crap)…Continue reading on Medium »

Hey Guys, I’m a former software developer who just transition into project management and my new company gave me the task to manage the proper implementation of the SSDLC. Since I‘m not a security expert (and to be honest never heard of this topic before) I‘m looking for some resources that help me catch up. I already found the course guide for the CSSLP (Certified Secure Software Lifecycle Professional) by Paul Mano but it was published in 2013 so I‘m not sure if it’s up to date. Anyways, I do not intend to take a certification. I just need some current book / online-course, so that I can grasp the scope of the project and keep up in a conversation with the project team (which still isn’t defined yet). Thanks! submitted by /u/Sea-Eggplant480 [link] [comments]

In the sprawling metropolis of the digital world, the specter of cyber threats looms large. Just when we think our ramparts are…Continue reading on Medium »

When it comes to technology, few things have captured our imagination quite like quantum technology and the mind-bending concept of time…Continue reading on Medium »

This guide provides instructions on how to smoothly integrate NYM into your tech products. NYM is a decentralized architecture for digital…Continue reading on Medium »

SCAP scans are required in many cases, such as STIGs for US government work and PCI compliance for e-commerce. When not required, they're a great way to improve security hardening. These scans report issues such as world-writable files, insecurely configured services, and more. Performing SCAP scans has traditionally been a manual process involving obscure tools, complex output requiring security specialists to interpret, and non-repeatable techniques. However, I improved that process, making it automated and easy to understand. I provide copy-and-paste ready-to-go GitHub Actions and GitLab CI code that you can drop into your projects to automatically and effortlessly scan docker images for compliance with benchmarks from CIS, PCI, STIG, and more. Check out https://candrews.integralblue.com/2023/09/scap-security-and-compliance-scanning-of-docker-images-in-github-actions-and-gitlab-ci/ for the code and more information about SCAP scans and my work to make them easier to perform. submitted by /u/candrewswpi [link] [comments]

Vendors and users share responsibility for data security in the cloud. Everyone knows this, but everyone understands it differently.Continue reading on Apriorit — Specialized Software Development Company »

In response to the escalating online interactions and the concurrent rise in online harms and hate crimes, the UK government has taken a…Continue reading on Medium »

Shrouded in mystery, the dark web has gained a reputation.Continue reading on Medium »

Shrouded in mystery, the dark web has gained a reputation.Continue reading on Medium »

In the rapidly evolving landscape of cybersecurity, there exists a group of professionals often overlooked yet vital to the integrity of…Continue reading on Medium »

I'm getting a few ISO audits out the door, and some HITRUST testing submitted by /u/Who_Da_Fuck [link] [comments]

Define, document, and debug using technical privacy tests.Continue reading on Medium »

From Arab spring to the American withdrawal from Afghanistan.Continue reading on The Geopolitical Economist »

Investing in robust security measures is crucial to protect your digital assets and mitigate cyber risks. Here are some steps you can take…Continue reading on Medium »

If there is anyone who went the route of Network engineer to Cyber security, I am wondering how you were able to do it, how long were you a network engineer for, before deciding to head into Cyber security and if so what were the steps you took, did you have a CCNA then went to get another certification to then going on the job hunt, what advice would you give someone trying to do this submitted by /u/Honest_Bank8890 [link] [comments]

Continue reading on Medium »

In today’s digitally connected world, web applications have become integral to our daily lives. From online shopping to social media, we…Continue reading on Medium »

What are some underrated cybersecurity tools or practices that more people in the industry (and outside of it) should know about? submitted by /u/Happy-Matter-3140 [link] [comments]

Hello all, I'm looking for what could be done to ICS (Industrial Control System) security, at least to have insight of all devices and vulnerabilities they exposed. Can you suggest any tool for passive discovery, device inventory or something like that...? For further improvement, the design and architecture would be reviewed as well. Is there any good reference to ICS security framework, architecture or best practices that I may learn from? submitted by /u/Nice-Estimate2311 [link] [comments]

Hello, I know the title is vague, everyone would probably choose engineer, but maybe someone had a similar situation. Asking for some perspective. I work as a SOC Analyst in shifts and I have on the table a position as a SIEM Engineer. Now the catch is that the engineer position is paid around 35% less than the soc one because of missing shifts. It would be a 9-5 position, but the thing is that I actually like the shifts especially with my curent life style. I love having free days in the middle of the week and to not work 5 days in a row. Also the soc position is quite stress free and chill and I already know that for the engineer position would involve a lot of learning and stress (especially because I wouldn't have a training, nor a colleague/trainer nothing). The only good thing I find about the engineer position is for the future jobs. So what would you choose? Remain a Soc Analyst with good pay and relax clients + free time or choose engineer with a downgrade payment of 35% and considerably more work needed but the chance to learn new things that may help you in the future + XP on engineering side and on CV? Thank you! submitted by /u/danievident [link] [comments]

submitted by /u/Odd_Strength2984 [link] [comments]

I am currently a CISO in a rather small Org, interesting work since we are a cyber company so I am able to do internal work and consult clients at the same time. I am a certified ISO Lead auditor and implementer, some project management certs and an MBA. Where should I spent my yearly budget on now, given that I want to grow as CISO. submitted by /u/CircumlocutiousLorre [link] [comments]

24 September 2023 - National Student Clearinghouse Data Breach Impacted Approximately 900 U.S. Schools The National Student Clearinghouse (NSC) is a nonprofit organization based in the United States that provides educational verification and reporting services to educational institutions, employers, and other organizations The organization has disclosed a data breach that impacted approximately 900 US schools using its services. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).- Read more: https://securityaffairs.com/151281/data-breach/national-student-clearinghouse-data-breach.html 22 September 2023 - Head of Hong Kong consumer watchdog apologises for potential data leak The head of Hong Kong’s consumer watchdog apologised on Friday over a potential leak of personal data involving more than 8,000 people following a cyberattack. Unknown hackers had threatened to leak the data by Saturday night if a US$500,000 ransom was not paid, Consumer Council chairman Clement Chan Kam-wing said, addressing the public over an incident that had shut down 80 per cent of the watchdog’s computer systems. Read more: https://www.scmp.com/news/hong-kong/law-and-crime/article/3235438/head-hong-kong-consumer-watchdog-apologises-potential-data-leak-affecting-over-8000-people-us500000 20 September 2023 - Pizza Hut Australia hack: data breach exposes customer information and order details The data obtained includes customer details and online order details from Pizza Hut’s customer database, including names, delivery address and instructions, email addresses and contact numbers. For registered accounts, it would also include encrypted credit card numbers and encrypted passwords. Read more: https://www.theguardian.com/australia-news/2023/sep/20/pizza-hut-hack-australia-data-breach-passwords-information-leak submitted by /u/zolakrystie [link] [comments]

🔥 Introduction to Cloud Security Episode 2 IAM 🔥 https://youtu.be/3-SbnrdpvoA submitted by /u/Early_Psychology_220 [link] [comments]

I've been searching my entire weekend, but it looks like all the products I found, PANW NGFW, Cloudflare WAF, Azure Firewall, etc., all have APIs that allows me to get Firewall policies and its settings, but not the actual intrusions, URLs, that the firewall captured. ​ Is there a product that provides an API for this use case? submitted by /u/InfiniteHalf22 [link] [comments]

I came upon an article discussing Brand Impersonation, where cybercriminals mimic trusted brands to deceive users and take advantage of another’s reputation in order to steal information. It's alarming how advanced these tactics have become in the cybersecurity landscape. You can check out the article here. Has anyone here fallen for such impersonations or came across them professionally? Would love to hear your experiences and insights. submitted by /u/berke7689012 [link] [comments]

Recently I was wondering why even the biggest companies are prone to such simple attacks like the Password Spraying Attack. As the name suggests, it seems like a simple enough attack where they would guess passwords via computer algorithms to try and force the right one. Through some research I found that that Password Spraying is: - A brute force attack where the attacker attempts variations of passwords repeatedly in a short amount of time. (Varnois) It also mentions that hackers aren’t repeatedly trying to log in to same accounts so they avoid getting locked out due to excessive number of login attempts like brute-force attacks do. The most common practice seems to be to educate your employees to change their passwords periodically. However, what are some more effective ways to defend against Password Spraying Attacks, what can the company actually impose, other than changing passwords in their security system from stopping such attacks? submitted by /u/fried20melon [link] [comments]

submitted by /u/talentSA112200 [link] [comments]

It’s almost been a year working as SOC and I feel burn out. It’s not the work load but the hours I work that take a toll in my body. Recently got my MS in cybersecurity so plan to look further but for the current Soc peeps how do you guys do it? Edit: thank you guys for your input and advice. I do appreciate it, somethings I’ll mention. My hours is not 40 but it’s around 48 (days, nights) I do get long breaks from work (3-5 days off) so I take full advantage, but I try to keep away from studying just because of my mental health. I do plan on focusing on my career path which I will do more hands on lab and cert studying. One thing I want to tell everyone who’s already soc or interested in, you got to start somewhere. If you get the opportunity use it to the max. Chances are you won’t be where you are now within a year but somewhere better. Stay safe cyberfolks and mental health is important! submitted by /u/General-Example-3837 [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]

I'm in IT Security at a small company with a tight budget. Unfortunately, we can't afford a pen test right now. So, I'm looking for advice on any tools and methods to use to identify and shore up any potential vulnerabilities or gaps. Has anyone been in a similar situation and can share their insights? Thanks! submitted by /u/Fantastic_Ice1107 [link] [comments]

When I take courses to learn something I find myself learn nothing because I don't find where is it useful or why would I need that? But when I've a goal to answer the questions in my mind and start searching in Google and other resources, I find myself learning tons of things compared to what I learned in the courses Currently I am forcing myself to watch professor Messer sec+ just to take the certificate but everything for me is just a garbage and torture, the same when I took the Google cybersecurity certificate submitted by /u/No_Sandwich1231 [link] [comments]