|
BonHair posted: Preferably, get a buddy you can set up fake meetings with, since calendar time marked "busy" will often just get ignored by the meeting people.
Be ruthless when declining meetings. They'll get the point sooner or later. Or they'll make do without you in that meeting.
Diva Cupcake posted: What's it like being on vacation?
I'm not on vacation (See also: the above).
|
# ? Sep 20, 2023 16:29 |
|
Definitely ask for an agenda for any meeting, so you can figure out how to not be there. (Sometimes it’s easier to go to the meeting and just work on something in the background instead, though.)
|
# ? Sep 20, 2023 16:33 |
|
Subjunctive posted: Definitely ask for an agenda for any meeting, so you can figure out how to not be there.
This is how I live my management life
|
# ? Sep 20, 2023 16:44 |
|
I don't work on things in the background in meetings. If I'm wasting my time in a meeting, I'm wasting my time in a meeting. I'm not going to risk being expected to have comprehended something in a meeting or doing a poor job on a task because I can't concentrate. My current job is all meetings. I get nothing done. I tell my boss and their boss that I don't have time to get things done. That's their problem.
|
# ? Sep 20, 2023 16:46 |
|
Cannon_Fodder posted: I'm inheriting a massive vulnerability debt and taking on a vulnerability management position with very little experience.
Welcome to vuln management. It doesn't get better. I ran our vuln management for about 4 years before building it out to something proper that can be reasonably handled by another team (in the security office). I like to think I've seen everything, but please do prove me wrong with any novel nightmares you come across.
|
# ? Sep 20, 2023 17:34 |
|
ChubbyThePhat posted: Welcome to vuln management. It doesn't get better. I ran our vuln management for about 4 years before building it out to something proper that can be reasonably handled by another team (in the security office). I like to think I've seen everything, but please do prove me wrong with any novel nightmares you come across.
I had a meeting with my CISO last week on the topic of vuln management. They are a very modern, progressive CISO whose opinion I think a great deal of. Saying that, the shift they want to take with it is just so absurd that it makes me second guess every decision they have ever made. The company has an eroding ownership of infrastructure and resources. The low bar of creating infrastructure has created a gigantic vacuum of "what now" after it exists. SRE/DEVOPS/WHATEVERYOUWANTTOCALLSHIT teams never truly aligned their goals with maintaining infrastructure and resources after it exists. Devs live to build poo poo and abandon it. Basically every team in existence desires the ability to create and abandon everything but what the infrastructure makes possible. My CISO is looking to expand the scope of security even more. They have a vision of SecOps to architect, create, deploy, and maintain OS vuln, app vuln, config vuln, network vuln, and CI/CD vuln for every aspect of the company. The very notion of "we can't rely on the rest of the company to do what we demand, so we are going to do it ourselves" and it's never going to loving work. Our teams are going to crush themselves under boundless scope and responsibility. We are just going to fail.
|
# ? Sep 20, 2023 18:02 |
|
Diva Cupcake posted: What's it like being on vacation?
Yes, please. Let me live vicariously through you.
|
# ? Sep 20, 2023 18:29 |
|
Sickening posted: My CISO is looking to expand the scope of security even more. They have a vision of SecOps to architect, create, deploy, and maintain OS vuln, app vuln, config vuln, network vuln, and CI/CD vuln for every aspect of the company. The very notion of "we can't rely on the rest of the company to do what we demand, so we are going to do it ourselves" and its never going to loving work. Our teams are going to crush themselves under boundless scope and responsibility. We are just going to fail.
That scope is purely infinite and is not achievable under any circumstance. Obviously you know this, I'm just doubling down on it. Seems you have a CISO who has taken to heart the idea of "if you want something done, do it yourself". Here's hoping you can talk them out of it and into a more reasonable path of process creation to hand out specific remediation work. Let it be known I also hate this solution in smaller corps, but I will take it over either the extremes of 'we do it all' and 'pray other teams do it themselves'.
|
# ? Sep 20, 2023 19:13 |
|
Wibla posted: Be ruthless when declining meetings. They'll get the point sooner or later. Or they'll make do without you in that meeting.
Subjunctive posted: (Sometimes it’s easier to go to the meeting and just work on something in the background instead, though.)
Sickening posted: The company has an eroding ownership of infrastructure and resources. The low bar of creating infrastructure has created a gigantic vacuum of "what now" after it exists. SRE/DEVOPS/WHATEVERYOUWANTTOCALLSHIT teams never truly aligned their goals with maintaining infrastructure and resources after it exists. Devs live to build poo poo and abandon it. Basically every team in existence desires the ability to create and abandon everything but what the infrastructure makes possible.
|
# ? Sep 20, 2023 21:08 |
|
I have been tasked with standing up an OpenCTI instance for us; sure sounds great. Anyone ever build this before or am I essentially being given another pet project for me to turn into the greybeard over?
|
# ? Sep 20, 2023 21:33 |
|
Do misp, it'll integrate better with your tools and it's the same price.
|
# ? Sep 21, 2023 03:54 |
|
Seconding misp here
|
# ? Sep 21, 2023 04:23 |
|
Anyone want to guess salary for this position? Title: Offensive Security Specialist. Based in Berlin.
|
# ? Sep 21, 2023 06:10 |
|
Unpaid internship.
|
# ? Sep 21, 2023 06:20 |
|
Mike Cartwright posted:
€35000
|
# ? Sep 21, 2023 06:29 |
|
CLAM DOWN posted: €35000
Yep pretty close.
|
# ? Sep 21, 2023 06:39 |
|
To put that into perspective for the non-German/EU goons: the lowest end of their range is barely more than minimum wage.
|
# ? Sep 21, 2023 07:08 |
|
Not all of them are this bad, but this is one of the worst ones I've seen in a while. Could have added GSE.
|
# ? Sep 21, 2023 07:24 |
|
Mike Cartwright posted:
The top end of that is about what I make as a desperately underpaid network engineer in Vancouver, and I have to live an hour by transit from the office to be able to afford rent. I thought our garbage wages were loving criminal, but holy poo poo, Berlin's got us beat.
|
# ? Sep 21, 2023 07:34 |
|
Kazinsal posted: The top end of that is about what I make as a desperately underpaid network engineer in Vancouver, and I have to live an hour by transit from the office to be able to afford rent.
I used to work in a NOC 10+ yrs ago and I think I made the middle of that range.
|
# ? Sep 21, 2023 07:58 |
|
Cost of living isn't comparable between Vancouver and Berlin, but it's still a pitiful wage for Berlin standards.
|
# ? Sep 21, 2023 08:10 |
|
spankmeister posted: Cost of living isn't comparable between Vancouver and Berlin, but it's still a pitiful wage for Berlin standards.
I looked it up, and the average rent in downtown Berlin for a one-bedroom apartment is about 2/3 of what the same would be in downtown Vancouver. Apparently I need to learn German.
|
# ? Sep 21, 2023 08:15 |
|
Kazinsal posted: I looked it up, and the average rent in downtown Berlin for a one-bedroom apartment is about 2/3 of what the same would be in downtown Vancouver.
Depends on the neighborhood. Prices are fluctuating, you can get one bedroom for 700-800EUR, a 2br in Kreuzberg for 900EUR is a "steal" - it really depends. And no need for German. You'll pick it up anyway.
|
# ? Sep 21, 2023 08:35 |
|
Kazinsal posted: I looked it up, and the average rent in downtown Berlin for a one-bedroom apartment is about 2/3 of what the same would be in downtown Vancouver.
You don't need to speak German in Berlin, especially if you work in tech.
|
# ? Sep 21, 2023 09:22 |
|
Alternatively, don't discourage someone from learning the language of where they're considering moving to. Being able to speak German is going to be useful in Germany, particularly if you don't want to remain trapped in the "expat" bubble.
|
# ? Sep 21, 2023 10:00 |
|
Learning languages of where you move to is basic politeness, though in Germany if the locals detect that you can't quite master German they will quickly switch to English and not really give you much of a chance to learn. The opposite of France.
|
# ? Sep 21, 2023 11:08 |
|
Doing pentests for the exposure
|
# ? Sep 21, 2023 12:17 |
|
Kazinsal posted:I thought our garbage wages were loving criminal, but holy poo poo, Berlin's got us beat.
|
# ? Sep 21, 2023 12:28 |
|
Taking bets on whether this will make Splunk more expensive https://investor.cisco.com/news/new...ld/default.aspx
|
# ? Sep 21, 2023 13:26 |
|
Blinkz0rz posted: Taking bets on whether this will make Splunk more expensive
I for one am looking forward to seeing Cisco work their licensing magic
|
# ? Sep 21, 2023 13:29 |
|
Mike Cartwright posted:
Well do you have on of the following certifications? Maybe they missed two letters instead of one and are hoping that you have none certifications.
|
# ? Sep 21, 2023 13:36 |
|
Blinkz0rz posted:Taking bets on whether this will make Splunk more expensive
|
# ? Sep 21, 2023 14:18 |
|
Mildly surprised it wasn't Oracle. I texted my friend who's the Splunk business owner at work and he lost it. I think I ruined his day before 8am lol
|
# ? Sep 21, 2023 14:23 |
|
That's the product dead then, expect some really half-arsed integrations that need three racks of VM hosts to act as licensing servers
|
# ? Sep 21, 2023 14:56 |
|
rafikki posted: I for one am looking forward to seeing Cisco work their licensing magic
i don't see how it could get worse, unless you need a splunk cert to get the license.
|
# ? Sep 21, 2023 15:16 |
|
wargames posted: i don't see how it could get worse, unless you need a splunk cert to get the license.
Oh, I think you aren't digging nearly as deep as a properly desperate executive. Just imagine it. "We've heard some customers complain that our pricing model is difficult for them to manage due to fluctuating ingest bandwidth needs. We've decided to make a more flexible set of options built around Splunk Infrastructure Credits (SICs) which can be used for ingest-based or a new capacity-based licensing model. Telemetry in new editions of Splunk will phone home and tell us how many SICs you're using, and you'll be billed accordingly. We'll be publishing the details of SIC calculations in the future."
|
# ? Sep 21, 2023 15:48 |
|
But they already do that. That's the
|
# ? Sep 21, 2023 17:17 |
|
Don't forget your DNA licenses required to host the Splunk services
|
# ? Sep 21, 2023 17:33 |
|
Going through the wringer right now with security engineer interviews and every company thinks they are Google. 4 or 5 rounds of final interviews, each with a Leetcode algorithms round. I have 9 hours of interviews scheduled for the beginning of next week.
|
# ? Sep 21, 2023 17:42 |
|
Soooo is everyone else seeing a massive increase in QR code phishing for o365 logins?
|
# ? Sep 21, 2023 19:39 |