As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:
- You get from them a PGP identity (public key). How you do that is entirely up to you.
- Your PGP program uses that identity to perform a single public key encryption of a message key.
- Then the message key is used to encrypt the message, which is added to the encrypted message key to make the encrypted message.
- Your correspondent does the opposite operations to get the message.
If you want to sign your message then you:
- Hash the message.
- Do a public key signature operation on the hash and attach the result to the message.
- Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.
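The layout described above (an encrypted message key followed by the encrypted message) is visible in OpenPGP's packet framing. The following is an added example, not code from the original article or from any PGP implementation: it walks RFC 4880 packet headers over a constructed sample message. The function names and the sample bytes are assumptions made for illustration.

```python
# Added example: walk the packet framing of an OpenPGP message (RFC 4880, section 4.2).
TAG_PKESK = 1    # Public-Key Encrypted Session Key: the "encrypted message key"
TAG_SED = 9      # Symmetrically Encrypted Data (legacy, no integrity check)
TAG_SEIPD = 18   # Symmetrically Encrypted Integrity Protected Data


def _take(buf, pos, n):
    """Return buf[pos:pos+n], refusing to read past the end of the input."""
    if pos + n > len(buf):
        raise ValueError("truncated packet at offset %d" % pos)
    return buf[pos:pos + n]


def read_header(buf, pos):
    """Parse one packet header; return (tag, body_start, body_len)."""
    first = _take(buf, pos, 1)[0]
    if not first & 0x80:
        raise ValueError("bit 7 clear at offset %d: not an OpenPGP packet" % pos)
    if first & 0x40:                       # new-format header
        tag = first & 0x3F
        o1 = _take(buf, pos + 1, 1)[0]
        if o1 < 192:                       # one-octet length
            return tag, pos + 2, o1
        if o1 < 224:                       # two-octet length
            o2 = _take(buf, pos + 2, 1)[0]
            return tag, pos + 3, ((o1 - 192) << 8) + o2 + 192
        if o1 == 255:                      # five-octet length
            return tag, pos + 6, int.from_bytes(_take(buf, pos + 2, 4), "big")
        raise ValueError("partial body lengths are not handled in this example")
    tag = (first >> 2) & 0x0F              # old-format header
    length_type = first & 0x03
    if length_type == 3:                   # indeterminate: body runs to end of input
        return tag, pos + 1, len(buf) - (pos + 1)
    n = 1 << length_type                   # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(_take(buf, pos + 1, n), "big")


def walk(buf):
    """Return [(tag, body_bytes), ...] for every top-level packet in buf."""
    packets, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        packets.append((tag, _take(buf, start, length)))
        pos = start + length
    return packets


def describe_pkesk(body):
    """Decode the fixed fields of a version 3 PKESK packet body."""
    if len(body) < 10 or body[0] != 3:
        raise ValueError("not a version 3 PKESK body")
    return {
        "version": body[0],
        "key_id": body[1:9].hex().upper(),   # recipient key that can unwrap the message key
        "pubkey_algo": body[9],              # 1 = RSA in RFC 4880
    }


def is_hybrid_layout(buf):
    """True if buf is one or more PKESK packets followed by one encrypted data packet."""
    tags = [tag for tag, _ in walk(buf)]
    return (len(tags) >= 2
            and all(t == TAG_PKESK for t in tags[:-1])
            and tags[-1] in (TAG_SED, TAG_SEIPD))


# Constructed sample, not real ciphertext: an old-format PKESK (0x84) addressed to
# key ID 0123456789ABCDEF with a dummy 16-bit MPI, then a new-format SEIPD (0xD2).
SAMPLE = bytes.fromhex(
    "84" "0e" "03" "0123456789abcdef" "01" "0010beef"
    "d2" "09" "01" "0011223344556677"
)

if __name__ == "__main__":
    for tag, body in walk(SAMPLE):
        print("tag", tag, "body length", len(body))
    print(describe_pkesk(walk(SAMPLE)[0][1]))
    print("hybrid layout:", is_hybrid_layout(SAMPLE))
```

Several PKESK packets in front of one encrypted data packet means the same message key was wrapped once per recipient; the check above accepts that case.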
As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high-level description of the Signal protocol here. None of the following comments are intended to be critical; they are intended to give an idea of the level of complexity of the protocol in total:
- Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
- A Signal session requires the storage and maintenance of a lot of state information.
- Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.
I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
2- Very long passwords that are actually a sentence
It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
3- Writing passwords down.
I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.
We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.
Did I say passwords? I meant encryption keys.
4- Changing default ports for certain services like dbs
Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.
5- MFA in general.
Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.
If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.
If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
6- OAuth for 3rd party apps.
Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
7- Two-step verification.
Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.
The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.
Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only have public keys.
One example of this is https://passage.id/ which is about as secure as you can get.
Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.
10- Unplugging the ethernet cable.
11- Browser password managers?
Rant moment: reasons cybersecurity fails
People don’t see the value of putting effort into cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.
No news isn’t good enough news. This is enough to mostly ignore all cybersecurity advice altogether.
This is similar to people not taking care of themselves health-wise, because the best thing they can see is not getting sick.
- SMTP for Phishing service? by /u/Ricardoh2 (cybersecurity) on June 24, 2022 at 9:44 pm
Hello community, I tell you that I lead ethical phishing projects and I have come across many email sending service stoppers (SMTP open relay), do you know any that have served them for mass mailing and that "allow" ethical phishing exercises?
- I’ve managed to get a cyber job! by /u/Untraveled (cybersecurity) on June 24, 2022 at 8:13 pm
I first managed to get into an IT role around this time last year. Coming from a banking background and an accounting degree it was a bit of an uphill battle. After a couple of years of working in banking, I realised I have a passion for IT and security specifically. As I work for a massive outsourcing company, there are tons of opportunities with different career paths which allowed me to secure my first role as a service desk analyst. The role was easy enough and not too technical so I was using my free time to upskill using things like TryHackMe and YouTube. Even then, I didn’t feel like I was at a level to get into a cybersec role, regardless, I applied for a role in the SOC that my outsourcing company works for. Did a few interviews and as expected, I got rejected. I was given a training plan and was told to reapply in 6 months to a year. This was a month ago. Yesterday, I was surprised to see the head of security send me a message to have a chat today. I tempered my expectations and assumed he was checking up on how my training was going. Turns out a role has become available and I was offered the job. I can’t wait to get started even though I was told the learning curve will be practically vertical. Definitely going to be a bit of imposter syndrome in the first couple of months. I just wanted to share this and celebrate this online before I reveal to my friends!
- Binaries for RE by /u/Owt2getcha (cybersecurity) on June 24, 2022 at 8:05 pm
Hello all! I am wondering if anyone knows a good resource for binaries with exploited software that I could reverse engineer and add to my summer projects? Turned out I really enjoyed doing this in school and would love to get more comfortable with it. Thank you!
- Has anyone here used AWS for malware analysis? by /u/that-gostof-de-past (cybersecurity) on June 24, 2022 at 6:37 pm
I've received a few phishing emails and I'd like to do some analysis. I don't want anything touching my home network. Has anyone used AWS for this?
- How do password managers fit within your security model? by /u/Graham-1Password (cybersecurity) on June 24, 2022 at 6:10 pm
Hey folks - I work for 1Password helping guide our product roadmap, and, even though I've browsed this sub for a while personally, I'm coming to you to get your thoughts on password managers and their place in your company's larger security model. I've got nothing to sell and have just noticed the quality of conversation in this sub, hence me wanting to see what you folks think. (Mods have approved this, so, thanks!) I work on making sure we're building the right things for our business customers, and reddit gives me that frank, honest feedback I find so useful in so many other things in my life... To that end: How much do you feel like using (or not) a password manager makes an actual difference in your company's overall security posture? For your larger IAM systems and policies, how do you try and secure access to apps/services that aren't SSO-enabled and still need a username/password? Or does SSO cover off enough of your services that you aren't too concerned with the others? Does it fall to you folks in CyberSec to create and manage policies for how other sensitive info is shared? For example, other stuff can be stored/shared in 1Password (Credit cards, developer secrets like SSH keys, ...) - would you consider this stuff part of access management, in a sense, to try and keep organized with how that stuff is securely accessed? Happy to get your thoughts (the good, the bad, and/or the ugly) about any of this stuff, and even your more general opinions on how useful password managers seem to you. We've been building this tool for 15+ years and have always tried to keep a close connection to our users, even as we've grown. I'm hoping we keep it that way, so here's to me asking all of you!
- IDS needed / recommendations? by /u/thelizardking43 (cybersecurity) on June 24, 2022 at 4:27 pm
Are IDS's antiquated and instead Huntress, CrowdStrike, or other threat hunting services sufficient / superior? Are there IDS's you'd recommend?
- Best RSS feeds for your Intel by /u/securethelogs (cybersecurity) on June 24, 2022 at 3:24 pm
Hey guys, I’m just wanting to know what’s your best RSS feeds in keeping up to date with the world of Security. Things like BleepingComputer or TheHackerNews. Just curious 🙂
- What is the best method for users to securely submit malware samples? by /u/tsuto (cybersecurity) on June 24, 2022 at 2:38 pm
As the title says, I’m wondering if there are any industry standards or best practices for how to actually move malware samples, memory dumps, etc from place to place? The idea would not be an end user really but rather forensic analysts being able to transfer artifacts they’ve extracted to dedicated reverse engineering teams. Worth mentioning that the RE group would be a subcontractor and needs to have a system for submitting tickets as well as files in a secure way between organizations. Is there anything your company uses that you’d recommend?
- Top cybersecurity stories for the week of 06-20-22 to 06-24-22 by /u/CISO_Series_Producer (cybersecurity) on June 24, 2022 at 2:10 pm
Below are the top headlines we’ve been reporting this whole week on Cyber Security Headlines. If you’d like to hear and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Marnie Wilking, CISO, Wayfair. If you want to get involved you can watch live and participate in the discussion on LinkedIn Live (register), or you can just subscribe to the Cyber Security Headlines podcast and get it into your feed. Here are some of the stories we'll be covering:

US DoJ announces shut down of Russian RSOCKS Botnet
An international police operation that involved law enforcement partners from Germany, the Netherlands, and the U.K. shut down the RSOCKS botnet which was composed of millions of compromised computers and other electronic devices around the world. This included industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. It had also expanded into compromising additional types of devices, including Android devices and conventional computers. The operators behind the RSOCKS botnet offered their clients access to IP addresses assigned to the compromised devices to route internet traffic. (Security Affairs)

Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS
The ransomware, tracked as “QNAPCrypt” and “eCh0raix,” is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends .encrypt extension to filenames of encrypted files. It has been active since at least 2019, and we reported on the last wave of attacks back in December 2021. In May 2021, QNAP warned customers of threat actors that are targeting its NAS devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability on devices using weak passwords. Experts are now reporting a surge in eCh0raix infections in industry forums. (Security Affairs)

Chrome extensions can be used for fingerprinting
There have long been ways to use browser information to fingerprint users. However a web developer who goes by ‘z0ccc’ released the site “Extension Fingerprint,” which can generate a tracking hash based on a browser’s installed Chrome extensions alone. Some extensions use a secret token that is required for external pages to view if it’s installed, but z0ccc found that comparing loading times for the protection extensions can reveal which ones are installed. Bleeping Computer found that installing 3 to 4 extensions brought the percentage of users with the same extensions to as low as 0.006%. The approach works for Chrome and Edge browsers, but not on Firefox, which use unique Firefox extension IDs for every browser instance. The developer claims that while every browser can’t be uniquely identified by extensions alone, it could be easily combined with other information to create a truly unique ID. (Bleeping Computer)

Overconfidence in API security leaves orgs at high risk
Radware’s 2022 State of API Security report reveals a sharp increase in API usage due to reliance on cloud infrastructure and other intersystem communications. While 92% of those surveyed believe they have adequate protection for their APIs, 62% admit a third or more of APIs are undocumented, leaving organizations vulnerable to cyber threats, such as database exposures, data breaches, and scraping attacks. Additionally, half of respondents indicated their existing tools provide only partial or minimal API protection highlighting that cyber security leaders may have a false sense of security when it comes to their APIs. Michelle McLean, Vice President at Salt Security, said the findings reinforce that API security is vastly under prioritized, and the time is now to turn the dial and incorporate adequate solutions as old tools are not enough. (Security Magazine)

Daycare apps found insecure
The Electronic Frontier Foundation looked into the security used by daycare apps, which are often required when enrolling children. It found that almost all apps lack any kind of 2FA, with one of the more popular Brightwheel claiming it was the “1st partner to offer this level of security.” It also found many apps had weak password policies, used undisclosed Facebook trackers, and had cleartext traffic enabled. The EFF wasn’t the first to highlight these issues, but found that many app makers lacked basic emails to send security issues to, and often were unresponsive. A previous Australian study found that just 14% of vendors responded to security issues with daycare apps. The EFF also points out that regulations like COPPA don’t apply to these applications. (EFF)

DARPA finds blockchains aren’t all that decentralized
A new report from the Defense Advanced Research Project looking into if blockchains are decentralized found some “unintended centralities” leading the authors to believe that many blockchains could eventually have power centralized with a few select individuals or groups. The paper found the cryptographic underpinning of blockchain “quite robust.” But it points out that three ISPs saw 60% of all Bitcoin traffic, opening the door to these providers having the ability to restrict certain transactions, letting it become a majority voice in consensus of what actually gets written to the blockchain. The report also points out that 21% of Bitcoin nodes run older versions of the Bitcoin client that are vulnerable to attacks. (Gizmodo)

Cloud email threats soar 101% in a year
Trend Micro announced this number as their observation of growth in email-borne cyber-threats that they blocked last year. They also note a 138% year-on-year increase in phishing emails, of which 40% were credential phishing attempts. They also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware. Another security company, Proofpoint warned in a new report of the continued dangers posed by social engineering, highlighting how many users don’t realize that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said. (Infosecurity)

Microsoft's AI spots ransomware attacks before they get started
Microsoft is focusing on disrupting the earliest stages of a ransomware attack with AI enhancements for Microsoft Defender for Endpoint. In what the company calls "early incrimination," they are developing machine learning (ML) algorithms to determine "malicious intent" in files, processes, user accounts, and devices. Microsoft engineers have developed three sets of AI-generated inputs that independently generate a risk score determining whether an entity is likely involved in an active ransomware attack:
• Time-based and statistical analysis of security alerts at the organizational level
• Graph-based aggregation of suspicious events across devices
• Device-based monitoring to flag suspicious activities
By correlating these datasets, Defender can detect patterns and connections that might have been missed otherwise. If a high enough confidence level is reached, it automatically blocks the files and entities involved in the ransomware. (ZDNet)
- Cybersecurity career path podcast by /u/gormami (cybersecurity) on June 24, 2022 at 10:53 am
Suzanne Gorman (no relation) and some friends did a great podcast talking about some of the different careers within the cybersecurity field. For a lot of the folks here that are asking about what to expect in the field, or thinking about it without a strong understanding of what the opportunities are, take a listen. It may help you understand that it is not a monolithic field, and there are many different types of opportunities for different types of thinkers and skill sets. https://lnkd.in/gnJd4dSH
- Interview catch22 by /u/Relative_Ad197 (cybersecurity) on June 24, 2022 at 7:39 am
Hello friend, managers and engineers, I have a dilemma. What would you do if you had a candidate you were interviewing show up to an interview for a security engineer position, and inform you that they found a vulnerability, showed you it and told you how to patch it! Would you hire them? Not hire them? Why or why not? What do you do in this situation? Insider threats are some of the biggest risks to companies. On the other hand they helped you fix something which was missed.
- Leaving military role by /u/grillle (cybersecurity) on June 24, 2022 at 1:30 am
After leaving the service I find myself in a weird position where I have to sell my current military specific training and experience (not that much, and probably outdated) to a completely new market of employers. Any tips on how I can hit the ground running in this new world? Should I focus my energy on certifications like OSCP or CISSP, maybe get a degree in cyber security or the like? One last question, how do you find a skill tree to focus on out of the multitude of things. Do you guys just gorge on certs and experience and flow into a path? Thanks if you read this far 🙂
- What is it like to be a Cybersecurity engineer for a major defense contractor? by /u/Mr_Hexx (cybersecurity) on June 23, 2022 at 8:19 pm
I start my internship next week and wanted to know what I'm getting myself into (what it's like working for a defense contractor in cyber) and wanted some advice. From my understanding they have a secure cloud platform and that'll be where most of my work comes from. I'll be most likely doing a lot of risk assessments since he mentioned that in the interview along with my experiences with STIGs and crypto key management. I interned at a manufacturing company for a year and a half prior to this as a mainframe systems admin. I picked up any work that was security related with my typical duties, setting up Splunk for the z/os environment and the z/os TPM for a hardware migration to name the big ones. What is the culture and work flow like? And pros and cons? Tips for someone starting a cybersecurity engineer role?
- Asking workers for once: why is there a cybersecurity skills gap? by /u/ChelseaJumbo2022 (cybersecurity) on June 23, 2022 at 4:23 pm
I am doing a research project on this issue right now— looking at cybersecurity capacity building efforts in the US, UK, Australia, and Israel. Everyone agrees that there’s a skills gap. Very few propose scalable solutions or offer reasons that fully explain the issue. I’m dismayed that there are so many surveys asking employers what they need from workers but very little out there (that I’ve found) on what workers are experiencing re barriers to entry, retention, upskilling, etc. Please share your thoughts, experiences, and any resources you think I should look into. Thank you! EDIT: wow, thank you for all the replies! To assuage any doubt, I’m not planning on using comments as ‘research’. This is just me dicking around on Reddit. Apologies that that wasn’t said from the start. Thank you everyone who replied!!
- Entry level opportunity by /u/TheRealBuzz128 (cybersecurity) on June 23, 2022 at 2:32 pm
Right now I’m about to graduate and get my BS in IT from a legit school. I currently got a part-time job as an IT Help Specialist at a small corporation to get some work experience before I graduate. This corporation has a small IT team so I’m working next to the IT director and the systems administrator. They include me for everything, even all the meetings with programmers, vendors etc, I’m there sitting and listening and giving my views. I got my sec+ a few weeks ago and with the little knowledge I have I wrote a proposal to have a phishing server and some security awareness training done. To my surprise my boss called me in and tells me that they loved my idea and that should be my big project for the next quarter, and also I got an extra work station assigned to me just to do that. My boss also gave me 90 mins every day I work to train and learn about any subject related to cyber security and he is willing to pay for learning material. We have a meeting every week, and so far they have made some changes based on my advice such as encrypting emails, using bitlocker, and to setup a dns sinkhole. Why am I writing all this? Well after reading a very interesting post here on reddit, I feel like I might have found a place where I can start my entry level cybersecurity career? The pay is not good at the moment, and we are going to talk about a full time job once I graduate this December, but this has me thinking, maybe I should stay at my current job, where they allow me to gain cybersecurity experience and then after some time try to get that next level dream job? Instead of going for a better paid IT job right after graduation that might not let me develop my security skills.