So with the recent Fortune 500 outage that impacted some 8,000,000 computers they had the ability to not auto update. My companies core processor resells the product to its clients. Only one insisted on auto updates and was impacted. Do the risks associated with real time updates outweigh the benefits? Did any of these corporations recognize this risk and approve it their risk assessment processes? Change management control failed at the corporate level of every impacted company as well if the risk wasn’t recognized and accepted. submitted by /u/Dizzy_Bridge_794 [link] [comments]

EvilBytecode/Malwarebytes-Shutdowner: Kill malawarebytes process. Can be ported to any programming language. (github.com) This project demonstrates how to terminate the Malwarebytes process. It is designed for educational purposes to illustrate basic methods for process management and termination. submitted by /u/Temporary_Hope_7198 [link] [comments]

submitted by /u/DrinkMoreCodeMore [link] [comments]

Hi, I have mix of Linux/windows EC2 (~30) running inside AWS, along with S3 and RDS (MSSQL). There is Cloud Storage Security available as 3rd party on AWS but I am not seeing them in any list of recognized DLP vendors. Can someone recommend anything? submitted by /u/opti2k4 [link] [comments]

I'm looking at a few positions at Mimecast (U.S.) and I was wondering if anyone had any personal experience with working for Mimecast? In terms of work life balance, compensation, work culture... etc. submitted by /u/Few_Throat_5081 [link] [comments]

Hi all, looking for insight here. I've been in a GRC role the past 6 years and now a Manager 1 making 138K in MCOL. I have a CISA and CISSP and have been doing cybersecurity assessments, compliance assessments over NIST CSF and ISO, and IT audits. I feel like my potential both in growth for my career and salary is being capped. I networked with some sr.mgrs. at my company and they said they are currently at 175K. with not being able to cross 200K for atleast 3 more years in the sr.mgr. role. I have a fair amount of technical knowledge on cyber from my CISSP and GRC knowlege acquired. I'm already working long hours (55-60 hours/week) and have minimal work life balance which has taken a toll on my mental and physical health. Not to mention, I'm starting to find the work really boring and unfulfilling. Also, not being recognized for the contributions I'm making to the team. All extra rewards are given to the staff, seniors, and offshore staff I manage. I know the job market is not too good right now but wondering if anyone had experience in this, what career shift could I do? I've seen some posts on Linkedin where people have shifted to Cybersecurity Engineer / Information Security Engineer / Application Engineer. What is the work like? Pay wise and work life balance wise? I've seen some posts here on reddit where people switch from engineering to GRC too. Would it be wrong to switch out of GRC? Am I stuck in the GRC role forever? submitted by /u/August724 [link] [comments]

Hi everyone, I’m a Senior DevSecOps Engineer and have been thinking of making a move to a new role. In the past, I’ve found new jobs solely by being contacted by recruiters on LinkedIn. I’m UK based and thankfully have been lucky enough to have a steady stream of messages from recruiters that are relevant or match my requirements for most of my career. However lately, I’m getting hardly any and most of the ones I have gotten are sponsored and completely irrelevant. This has led me to consider paying for professional CV and LinkedIn writing services - has anyone used these before? What’s the general consensus on them? My major concern is not being able to find one who has any understanding of InfoSec (much like most recruiters) and does a poor job of translating my experience. submitted by /u/G1ric [link] [comments]

When doing an audit for things like NIST or CIS, is there a tool that can automate some of the process? I know it can't all be automated but I'm just wondering if there is something. submitted by /u/HuskyLogic [link] [comments]

If one of our customers want to gain their CE certification how can we go about getting qualified to deliver the certification? Currently if a customer comes to us wanting to get their CE certificate we will just out source it to another company. What are the requirments & training we need to be able to audit & pass our clients for CE? Where is the right place to start? submitted by /u/Emotional-Thanks8946 [link] [comments]

Im thinking about to give it a try. Anybody work with them, any kind of insight is helpfull. Thanks. submitted by /u/Sea_Courage5787 [link] [comments]

I know that working in security often means fielding a lot of questions from colleagues in other departments. Besides the usual “Is this a phishing email?” what are the most common questions you get asked by people outside of the security team? submitted by /u/CyberSavvy2901 [link] [comments]

Ey up! Our first episode on top hacker movies has been very popular so we’re looking for ideas of other hacker movies good and bad (like MST3K bad!) for part two! So what should we talk about for part two of the topic on our podcast? This is what we’ve already reviewed: Hackers (1995) Sneakers (1992) The Net (1995) The Net 2.0 (2006) Jurassic Park (1993) Jumping Jack Flash (1986) Brazil (1985) The Italian Job (1969) War Games (1983) Electric Dreams (1984) Swordfish (2001) Mr Robot (TV(2015) Full show here: https://youtu.be/hfe7xFA6TaU?si=p9dsYPpStnu6x_xm submitted by /u/GivingBigTechEnergy [link] [comments]

We've all made mistakes or had "aha" moments in our cybersecurity journeys. If you had the chance to send a single, crucial piece of cybersecurity advice back in time to your younger self, what would it be? submitted by /u/AIExpoEurope [link] [comments]

EDIT: thought I’d add some comments I’ve heard in, too. “So you can hack people on Instagram?” “That’s the place to be right now, lots of money” “Won’t AI do it all?” I was also trying to explain to someone what cybersecurity actually was, and she proceeded to ask “Is that like with aerials?” I had no idea what she meant at that point so just agreed. submitted by /u/lone-wolf-x04 [link] [comments]

submitted by /u/Specialist_Mix_22 [link] [comments]

Hey! yesterday I was going over one of my organization's host timeline on MD, because it was suspicious. All of the sudden, I encounter the following: Legitimate signed process 'svchost.exe' has created several .csv files (more than 50 files) within miliseconds, with names like 'servicelayer_af.csv', 'servicelayer_da.csv', 'ar_it.csv' . All of them stored in the path 'C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_9.2.1.0_x64__kgqvnymyfvs32'. This path is related to a game that can be obtained from the Windows store called 'BubbleWitch3'. I looked up for info on whether this action is common with this game, but I have not found anything. It creates not only .csv files but also .css as 'console.css' and .js, 'console.js', .bat as 'autoexec.bat'. All type of files are also hosted in the already mentioned path 'C:\Program Files\WindowsAppsking.com.BubbleWitch3Saga_9.2.1.0_x64__kgqvnymyfvs32'. Here is a screenshot of an example .csv file created "Adv03_Interface_cs.csv" http://imgfz.com/i/kMGEdW7.png Process tree can be seen in the following URL: http://imgfz.com/i/ZnsP4HX.png submitted by /u/jhonvi2 [link] [comments]

Hey everyone, what do you think are going to be the biggest cybersecurity threats over the next 5 years? As technology evolves, we’re likely to see new challenges emerge. How can we prepare ourselves or adapt our strategies to stay ahead of these potential risks? Let’s share ideas on how to strengthen our defenses! submitted by /u/Saran_RK [link] [comments]

Hey all- I spend quite a bit of time using KQL and creating detection rules/queries. I’m curious, what are some of the best, favorite, or query you are most proud of? In my case, it’s a custom USB detection/usage rule, linked to specific groups. Nothing impressive, but it was harder than I expected to create. Once I got it working it felt pretty good knowing I got it to work. Curious to hear what you all say submitted by /u/Evocablefawn566 [link] [comments]

https://www.theguardian.com/news/article/2024/jul/25/israel-tried-to-frustrate-us-lawsuit-over-pegasus-spyware-leak-suggests submitted by /u/Any_Salary_6284 [link] [comments]

Hi all, I'm going through a lengthy interview process with a very large name in the industry. I've gone through a screening and two technicals, now they want me to enter a 4th round with a Sr. Manager. This is for a MDR analyst position. I performed triage for round 3, which would be most of my day to day. I'm confused what more they would want to see from me to warrant another round. I'm beginning to get concerned that I don't have a high chance of being hired, or there is a stronger candidate being considered. I've spent a month now going through this process and it will be incredibly disappointing to be rejected after this much time. Any insight provided would be incredibly helpful. I have 4.5 YOE as a SOC analyst as well as dabbling in other non-analyst roles such as SOAR development. submitted by /u/Top-Kale-3670 [link] [comments]

My current job have implemented DMARC as part of our security controls for email and now we have reports everyday. My question is: How do you manage this on daily basis? submitted by /u/juliocsmelo [link] [comments]

The tech industry as a whole seems oversaturated was thinking of going to college for cybersec but it seems like a waste of time and money with no guaranty of employment submitted by /u/my_philosophy24 [link] [comments]

submitted by /u/uid_0 [link] [comments]

Would love to hear from a lower/ mid/ surface level in regards to detection engineering, best practices, cybersecurity as a career and just overall general user security, some myths and best practices you’ve learned over time Thought it’d be good to collect some things we could all look into over time ~ submitted by /u/BitionGang_33 [link] [comments]

I'm curious, if you were to pick only one (or 2 at most). Which cybersecurity cert impacted the upward trajectory of your career the most? Tell us your job role too to give us context. In addition, what do you think you could have done better? submitted by /u/TheMthwakazian [link] [comments]

submitted by /u/Oscar_Geare [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]