Achmed Jones
Oct 16, 2004



Cup Runneth Over posted:

the absolute dream job

well, that depends on how much you like meetings and writing docs

i kinda miss writing code ngl


GreenBuckanneer
Sep 15, 2007

any opinions on crowdstrike?

Sickening
Jul 16, 2007

Black summer was the best summer.

GreenBuckanneer posted:

any opinions on crowdstrike?

It's the best in class for what it does (or most of what it does). It is expensive though compared to other options.

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there

GreenBuckanneer posted:

any opinions on crowdstrike?

Beware bait and switch where seniors turn into juniors

Mustache Ride
Sep 11, 2001



I love crowdstrike logs. All other edr's logs are poo poo

GreenBuckanneer
Sep 15, 2007

I ask cause I'm gonna be fiddling with it apparently

Sickening
Jul 16, 2007

Black summer was the best summer.

Rust Martialis posted:

Beware bait and switch where seniors turn into juniors

Could you be more cryptic?

Volmarias
Dec 31, 2002
Probation
Can't post for 5 hours!

Sickening posted:

Could you be more cryptic?

A promise of senior engineers ends up with a bunch of randos who just started (using a computer) yesterday instead, with the assumption that the person signing the checks neither understands nor cares why this is an issue.

Alternately, you start with actual qualified senior people being provided who slowly get swapped out for the above randos but you are still billed the same.

Or, at least, that's my guess.

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there

Volmarias posted:

A promise of senior engineers ends up with a bunch of randos who just started (using a computer) yesterday instead, with the assumption that the person signing the checks neither understands nor cares why this is an issue.

Alternately, you start with actual qualified senior people being provided who slowly get swapped out for the above randos but you are still billed the same.

Or, at least, that's my guess.

That happened to us. Promised senior resources, got guys who needed help to run a scan

BonHair
Apr 28, 2007

Volmarias posted:

A promise of senior engineers ends up with a bunch of randos who just started (using a computer) yesterday instead, with the assumption that the person signing the checks neither understands nor cares why this is an issue.

Alternately, you start with actual qualified senior people being provided who slowly get swapped out for the above randos but you are still billed the same.

Or, at least, that's my guess.

That's just consulting though. It's always a crapshoot too, because the new guy might be a genius and the senior may be someone who keeps getting certs because his actual work is poo poo.
But yeah, anyone selling you people will aggressively try to sell you the cheap guys for the expensive price.

BaseballPCHiker
Jan 16, 2006

We're looking at Crowdstrike for EDR and it looks great, but I have no prior experience working with them.

Also for those who use AWS GuardDuty on a regular basis, they've rolled out new malware detections for EBS volumes that look pretty cool. Playing around with it a bit this morning and yesterday. Makes me think at some point they'll use this same technique to improve Inspector for vuln scans. Some vendors, Wix comes to mind, are doing that for vuln scanning right now. Basically take a snapshot of your instance, move it over to their account to scan and then report back any findings. Pretty slick!

Nukelear v.2
Jun 25, 2004
My optional title text

BaseballPCHiker posted:

How many of you are security engineers or similar? And do you focus day to day on tools/software or are you doing design approvals? Or more broadly what's your day to day like.

More and more it appears that they want me to just own a few security tools and do nothing but that.

Everyone in our team is generally a security engineer of some level, the divisions for us are primarily around which security pillar you support. Some pillars like vuln management, are basically all about taking tooling output and driving actions with teams. I do app and cloud sec and that ends up with a pretty solid mix of building out pipelines for "shift-left" tooling (SAST, DAST, IaC, etc.), CSPM rule writing, deploying cloud native tooling for guardrails, app arch review & approval, etc. Think you'd really need to ask during the interview exactly what you'd be doing, the job descriptions tend to be junk.

One of the slightly more interesting things we did to escape the spreadsheet hell was building an automation platform. Basically just a query lambda and step function to pull results from all our tooling and centralize it into an RDS. Then a Power BI frontend that shows overall status and information on specific pillars. At a high level we give letter grades which make it easy to present to senior management, as well as a line chart showing their score over time so they can see the direction they have been trending. Then for the teams themselves, they can drill into the Power BI detail tabs and get the more traditional spreadsheet view of all the issues that are affecting their score. This centralizes all tooling into one spot and saves us from having to train and grant access to folks to a dozen or so different things.


BaseballPCHiker posted:

Also for those who use AWS GuardDuty on a regular basis, they've rolled out new malware detections for EBS volumes that look pretty cool. Playing around with it a bit this morning and yesterday. Makes me think at some point they'll use this same technique to improve Inspector for vuln scans. Some vendors, Wix comes to mind, are doing that for vuln scanning right now. Basically take a snapshot of your instance, move it over to their account to scan and then report back any findings. Pretty slick!

Everyone seems to be getting on the agent-less scanning bandwagon lately, and it is a very nice model for ensuring 100% coverage. AWS however is still pretty basic. Some of the other vendors doing this are able to construct fairly elaborate attack paths by tying together vm/cspm/secret scanning tooling into one database. Having to grant third parties that much access to your environment can be heartburn for some folks though. AWS' vuln scanning I've noticed is also pretty spotty, missing some containers with log4j here that other tools found.

Guy Axlerod
Dec 29, 2008
If I have to tell our Infosec team again "no I can't do anything about the ssm agent being offline on that instance, it was terminated months ago" I'm going to die. I don't know if I hate more inspector for being dumb or our infosec team for not hearing what I'm telling them.

navyjack
Jul 15, 2006



Send more goon vibes. 2nd interview for SOC analyst at $BIG_BANK in half an hour. My insider says it’s basically a “vibe check” to make sure I’m a good fit.

Internet Explorer
Jun 1, 2005





Hell yes! You've got this!

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.

navyjack posted:

Send more goon vibes. 2nd interview for SOC analyst at $BIG_BANK in half an hour. My insider says it’s basically a “vibe check” to make sure I’m a good fit.

You're so in buddy.

BonHair
Apr 28, 2007

2nd interview is 97% vibe check to see if you're weird as gently caress, if they didn't like you enough to hire you at first, you'd be out.

Get ready to withdraw all your money and store them in a mattress though, you're about to feel a lot less sure about accounts!

navyjack
Jul 15, 2006



BonHair posted:

2nd interview is 97% vibe check to see if you're weird as gently caress, if they didn't like you enough to hire you at first, you'd be out.

Get ready to withdraw all your money and store them in a mattress though, you're about to feel a lot less sure about accounts!

Lol what is this “money”?

Mustache Ride
Sep 11, 2001



navyjack posted:

Send more goon vibes. 2nd interview for SOC analyst at $BIG_BANK in half an hour. My insider says it’s basically a “vibe check” to make sure I’m a good fit.

Get it dude! You got this

spankmeister
Jun 15, 2008






BonHair posted:

Get ready to withdraw all your money and store them in a mattress though, you're about to feel a lot less sure about accounts!

Eh, it's insured and federally guaranteed and things right? Who cares if a North Korean hacker makes off with it if you'll get it back anyway?

Potato Salad
Oct 23, 2014

nobody cares


spankmeister posted:

Eh, it's insured and federally guaranteed and things right? Who cares if a North Korean hacker makes off with it if you'll get it back anyway?

oh it's much much more fundamental than that

navyjack
Jul 15, 2006



navyjack posted:

Send more goon vibes. 2nd interview for SOC analyst at $BIG_BANK in half an hour. My insider says it’s basically a “vibe check” to make sure I’m a good fit.

Interview went well, I think? They asked no technical questions, but all “thought process” questions. “How do you deal with stress?” “What kind of work environment do you thrive in?” “Imagine you’re a law firm and you got popped with ransomware, do you pay? Why or why not?” “Ok, so imagine that you’re US and the one who got popped was one of our vendors, do you still do business with them? Why or why not?”

They seemed to like that I had lots of life experience and weren’t fussed that I’m new to IT.

One thing that drove me nuts was…they didn’t have their cameras on so I couldn’t read faces or body language.

Now it’s the waiting game. I got put into this interview the day after the 1st interview, so maybe they’ll be going fast.

Maneki Neko
Oct 27, 2000

navyjack posted:

Interview went well, I think? They asked no technical questions, but all “thought process” questions. “How do you deal with stress?” “What kind of work environment do you thrive in?” “Imagine you’re a law firm and you got popped with ransomware, do you pay? Why or why not?” “Ok, so imagine that you’re US and the one who got popped was one of our vendors, do you still do business with them? Why or why not?”

They seemed to like that I had lots of life experience and weren’t fussed that I’m new to IT.

One thing that drove me nuts was…they didn’t have their cameras on so I couldn’t read faces or body language.

Now it’s the waiting game. I got put into this interview the day after the 1st interview, so maybe they’ll be going fast.

Assuming you didn't say anything bonkers, that to me feels like a fairly good deal. You'd be surprised how many people absolutely cannot craft human-sounding answers to general questions.

Maneki Neko fucked around with this message at 00:43 on Aug 9, 2022

more falafel please
Feb 26, 2005

forums poster

Especially for a "vibe check" sort of interview, not having cameras on feels pretty unprofessional. You're interviewing them, too.

Zil
Jun 4, 2011

Satanically Summoned Citrus


more falafel please posted:

Especially for a "vibe check" sort of interview, not having cameras on feels pretty unprofessional. You're interviewing them, too.

I just got done interviewing with quite a few companies and only one of them had their cameras turned on.

The one I did get was also the one that called me for a second interview the next day, so that should be a good sign.

Internet Explorer
Jun 1, 2005





A quick phone screen doesn't need cameras, but I can't imagine doing a technical interview or a "culture fit" interview without cameras on. That's really weird.

some kinda jackal
Feb 25, 2003

 
 
Can I be honest here and say that it's refreshing for me to hear a SOC is doing some interviewing that isn't "are you a warm body? do you have a pulse? do you know what the ping command does?"

I don't mean to cast shade or anything -- I'm sure there are good SOCs out there that care about quality over quantity.

Not-so-serious question. Would you take facial piercings out for a "first" camera interview? I'm very very open about mine, but even I might consider it just to not scare away some white bread recruiter/interviewer.

some kinda jackal fucked around with this message at 12:34 on Aug 9, 2022

SlowBloke
Aug 14, 2017

some kinda jackal posted:

Not-so-serious question. Would you take facial piercings out for a "first" camera interview? I'm very very open about mine, but even I might consider it just to not scare away some white bread recruiter/interviewer.

Facial piercings are so common now I think even the whitest recruiter will not care, ask their internal contact for confirmation if you are not sure.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
Honestly, people are so hard up for Infosec resources, I don't think piercings will be a line.

some kinda jackal
Feb 25, 2003

 
 
Every subsequent interview I will add a new clip-on “piercing” until they ask.

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there

some kinda jackal posted:

Every subsequent interview I will add a new clip-on “piercing” until they ask.

Move it around during the interview

some kinda jackal
Feb 25, 2003

 
 
Excuse me, I need a quick sip of water.

*comes back with two new piercings on lip, opposite nostril clip-on*

RFC2324
Jun 7, 2012

http 418

Find a piercing parlor that will live stream to use as a background

Achmed Jones
Oct 16, 2004



some kinda jackal posted:

Not-so-serious question. Would you take facial piercings out for a "first" camera interview? I'm very very open about mine, but even I might consider it just to not scare away some white bread recruiter/interviewer.

Would I? Yeah, probably. Would it be actually necessary to do so? Almost definitely not

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.
It helps that the counter-culture 80s hacker vibe still has an undercurrent in modern cyber security for stuff like that.

Volmarias
Dec 31, 2002
Probation
Can't post for 5 hours!
Use a camera filter so that the piercing is the thing that's talking to the interviewers

Famethrowa
Oct 5, 2012

if any of you could pick between Business Continuity work or GRC, which would you go with?

I have potential opportunities in both fields starting as a fresh graduate with a super general Cybersecurity degree.

Achmed Jones
Oct 16, 2004



whichever one sounds more interesting to you, pays more, etc. if those were my only options in the field, i'd probably go back to being a dev (unless they wanted to pay me fat stacks, in which case :shrug:). but i doubt that's how you feel about it

BonHair
Apr 28, 2007

Famethrowa posted:

if any of you could pick between Business Continuity work or GRC, which would you go with?

I have potential opportunities in both fields starting as a fresh graduate with a super general Cybersecurity degree.

Your headaches are gonna be mostly the same, really: who's in charge, why is no one actually doing the thing, politics.

Business continuity is more removed from actual cyber security than GRC, since it's basically asking "yeah, if your computers are gone, what then, smarty pants?". By definition, that doesn't require much more technical knowledge than "IT can break" really.

In GRC, you actually have to know who handles logs, what logs are and have opinions on what would be a good idea to log and so on, in combination with all the politics of getting anyone to care. So it's closer to IT, but still probably firmly in the nontechnical category.

Personally, I would pick GRC, but that's because you get a broader perspective on things. Really, go with the company that seems most likely to actually invest time from other departments in your field. Try to avoid places that try to contain security to one isolated department.


some kinda jackal
Feb 25, 2003

 
 
I've been involved in both BCP and GRC. I don't have a particular love of either, but if someone held a gun to my head I'd say GRC. It's also a really wide field though. I've done policy work which is sterile but somewhat unrewarding as you watch your work ignored year after year for **reasons**; Compliance can be ok as long as you are set up for success. If you are tasked with compliance at a company that has no processes or lacks the right policies you'll just be pushing a boulder uphill Monday through Friday. I actually haven't done much risk management to be honest, but I do deal with our risk folks all the time and honestly I'm still not sure what they do outside of plugging things into a probability matrix, since they always just ask me to assess the risk.

BCP is kind of tied to the GRC pillar anyway though, so it may not be too far of a stretch to imagine you'll be involved in both.

And ultimately you can parlay GRC into more jobs I think, so if for no other reason than that I'd just go that direction.
